Commits

Amaury Forgeot d'Arc committed c6d16b2

#4317: Fix an Array Bounds Read in imageop.rgb2rgb8.

Backport of r67266

Comments (0)

Files changed (3)

Lib/test/test_imageop.py

 _VALUES = (1, 2, 2**10, 2**15-1, 2**15, 2**15+1, 2**31-2, 2**31-1)
 VALUES = tuple( -x for x in reversed(_VALUES) ) + (0,) + _VALUES
 AAAAA = "A" * 1024
+MAX_LEN = 2**20
 
 
 class InputValidationTests(unittest.TestCase):
                 strlen = abs(width * height)
                 if size:
                     strlen *= size
-                if strlen < 1024:
+                if strlen < MAX_LEN:
                     data = "A" * strlen
                 else:
                     data = AAAAA
 Core and builtins
 -----------------
 
+- Issue #4317: Fixed a crash in the imageop.rgb2rgb8() function.
+
 - Issue #4230: If ``__getattr__`` is a descriptor, it now functions correctly.
 
 - Issue #4048: The parser module now correctly validates relative imports.

Modules/imageop.c

 	if ( !PyArg_ParseTuple(args, "s#ii", &cp, &len, &x, &y) )
 		return 0;
 
-	if ( !check_multiply_size(len*4, x, "x", y, "y", 4) )
+	if ( !check_multiply_size(len, x, "x", y, "y", 4) )
 		return 0;
 	nlen = x*y;
 	if ( !check_multiply(nlen, x, y) )
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.