From 6a83e4324738bb0452fbe8074a995b1c73f08de7 Mon Sep 17 00:00:00 2001 From: Eric Soroos <eric-github@soroos.net> Date: Mon, 9 Mar 2020 20:22:06 +0000 Subject: [PATCH 2/3] Fix OOB Access on PcxDecode.c --- src/libImaging/PcxDecode.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/libImaging/PcxDecode.c b/src/libImaging/PcxDecode.c index 9e9504ce5f..e5a38f4bec 100644 --- a/src/libImaging/PcxDecode.c +++ b/src/libImaging/PcxDecode.c @@ -22,10 +22,7 @@ ImagingPcxDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt UINT8 n; UINT8* ptr; - if (strcmp(im->mode, "1") == 0 && state->xsize > state->bytes * 8) { - state->errcode = IMAGING_CODEC_OVERRUN; - return -1; - } else if (strcmp(im->mode, "P") == 0 && state->xsize > state->bytes) { + if ((state->xsize * state->bits + 7) / 8 > state->bytes) { state->errcode = IMAGING_CODEC_OVERRUN; return -1; }