Attachment 8654 Details for Bug 19739 – Possible PoC test script for CVE-2016-9189

Possible PoC test script for CVE-2016-9189

test_map.py (text/x-python), 864 bytes, created by Len Lawrence on 2016-11-13 10:39:56 CET

(hide)

Description:

Filename:

MIME Type:

Creator: Len Lawrence

Created: 2016-11-13 10:39:56 CET

Size: 864 bytes

patch

obsolete

# https://github.com/python-pillow/Pillow/tree/master/Tests/images/l2rgb_read.bmp
from helper import PillowTestCase, unittest

from PIL import Image

class TestMap(PillowTestCase):
    def test_overflow(self):
        # There is the potential to overflow comparisons in map.c
        # if there are > SIZE_MAX bytes in the image or if
        # the file encodes an offset that makes
        # (offset + size(bytes)) > SIZE_MAX

        # Note that this image triggers the decompression bomb warning:
        max_pixels = Image.MAX_IMAGE_PIXELS
        Image.MAX_IMAGE_PIXELS = None

        # This image hits the offset test.
        im = Image.open('/home/lcl/qa/python/l2rgb_read.bmp')
        with self.assertRaises((ValueError, MemoryError)):
            im.load()

        Image.MAX_IMAGE_PIXELS = max_pixels


if __name__ == '__main__':
    unittest.main()

Actions: View

Attachments on bug 19739: 8654 | 8656 | 8659 | 8672