Daniel Brötzmann pushed to branch master at gajim / gajim
Commits:
8e5bb40c by wurstsalat at 2022-11-09T20:32:44+01:00
fix: Preview: Stop further processing if decompression bomb detected
Fixes #11280
- - - - -
1 changed file:
- gajim/common/preview_helpers.py
Changes:
=====================================
gajim/common/preview_helpers.py
=====================================
@@ -154,7 +154,12 @@ def create_thumbnail(data: bytes,
mime_type: str
) -> Optional[bytes]:
- thumbnail = create_thumbnail_with_pil(data, size)
+ try:
+ thumbnail = create_thumbnail_with_pil(data, size)
+ except (Image.DecompressionBombError, Image.DecompressionBombWarning):
+ # Don't try to process image further
+ return None
+
if thumbnail is not None:
return thumbnail
return create_thumbnail_with_pixbuf(data, size, mime_type)
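Review bot: `Image.DecompressionBombWarning` in the new `except` tuple is only caught if something has escalated that warning to an exception. By default Pillow emits it through the `warnings` module and `Image.open` carries on, so an image above `Image.MAX_IMAGE_PIXELS` but below twice that limit would still be thumbnailed. The same tuple appears in the second hunk, inside `create_thumbnail_with_pil`. Unless a filter is already installed elsewhere in the module (not visible here), add `warnings.simplefilter('error', Image.DecompressionBombWarning)` at import time, or drop the warning class from both tuples so the handler does not imply coverage it lacks. The start of `create_thumbnail`'s signature lies outside this hunk.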
@@ -210,6 +215,10 @@ def create_thumbnail_with_pil(data: bytes, size: int) ->
Optional[bytes]:
output_file = BytesIO()
try:
image = Image.open(input_file)
+ except (Image.DecompressionBombError,
+ Image.DecompressionBombWarning) as error:
+ log.warning('Decompression bomb detected: %s', error)
+ raise
except Exception as error:
log.warning('making pil thumbnail failed: %s', error)
log.warning('fallback to pixbuf')
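Review bot: `create_thumbnail_with_pil` used to swallow every failure from `Image.open`, but the new handler re-raises the decompression-bomb exceptions, and nothing visible documents that change of contract. Only `create_thumbnail` is shown catching them, so any other caller (none visible in this diff) would now see an unhandled exception. Add a docstring line such as `Raises Image.DecompressionBombError so the caller can skip the pixbuf fallback.` and replace the bare `raise` with a commented one: `raise  # propagate: caller must not retry with pixbuf`. The rest of the `try` body and the function's remaining code are outside the hunk, so it is not possible to tell from here whether later Pillow calls are covered by the same handling.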
View it on GitLab:
https://dev.gajim.org/gajim/gajim/-/commit/8e5bb40c50e956d1aa58d2fa30a075287c572dcf