Showing content from https://github.com/django/django/commit/c14f325c4eef628bc7bfd8873c3a72aeb0219141 below:

[1.4.x] Fixed second security issue in image uploading. Disclosure an… · django/django@c14f325

1 file changed: +4 / -14 lines changed


@@ -570,20 +570,10 @@ def to_python(self, data):

570 570

file = StringIO(data['content'])

571 571 572 572

try:

573 -

# load() is the only method that can spot a truncated JPEG,

574 -

# but it cannot be called sanely after verify()

575 -

trial_image = Image.open(file)

576 -

trial_image.load()

577 - 578 -

# Since we're about to use the file again we have to reset the

579 -

# file object if possible.

580 -

if hasattr(file, 'reset'):

581 -

file.reset()

582 - 583 -

# verify() is the only method that can spot a corrupt PNG,

584 -

# but it must be called immediately after the constructor

585 -

trial_image = Image.open(file)

586 -

trial_image.verify()

573 +

# load() could spot a truncated JPEG, but it loads the entire

574 +

# image in memory, which is a DoS vector. See #3848 and #18520.

575 +

# verify() must be called immediately after the constructor.

576 +

Image.open(file).verify()

587 577

except ImportError:

588 578

# Under PyPy, it is possible to import PIL. However, the underlying

589 579

# _imaging C module isn't available, so an ImportError will be
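Review bot: the replacement comment at 573-575 records why load() was dropped (it decodes the whole image into memory) but not the trade-off that the removed comment at 573-574 made explicit, namely that load() was the only call that spotted a truncated JPEG. Since Image.open(file).verify() is now the only check, a truncated JPEG will pass this validator, and the comment should say so, so that nobody later reads verify() as a completeness check and the behaviour change is documented next to the fix. Adding a line such as `# Truncated JPEGs are no longer rejected here; verify() does not catch them.` after the "See #3848 and #18520." comment would close that gap. Also worth a sentence in the commit message or the ticket: the DoS protection depends on verify() not decoding pixel data, so any future change that reintroduces load() on upload input should be treated as a security regression.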
