diff -rupN --no-dereference Pillow-5.4.1/src/libImaging/FliDecode.c Pillow-5.4.1-new/src/libImaging/FliDecode.c --- Pillow-5.4.1/src/libImaging/FliDecode.c 2020-02-13 14:44:21.491015777 +0100 +++ Pillow-5.4.1-new/src/libImaging/FliDecode.c 2020-02-13 14:44:21.544015384 +0100 @@ -40,8 +40,7 @@ ImagingFliDecode(Imaging im, ImagingCode return 0; /* We don't decode anything unless we have a full chunk in the - input buffer (on the other hand, the Python part of the driver - makes sure this is always the case) */ + input buffer */ ptr = buf; @@ -52,6 +51,10 @@ ImagingFliDecode(Imaging im, ImagingCode /* Make sure this is a frame chunk. The Python driver takes case of other chunk types. */ + if (bytes < 8) { + state->errcode = IMAGING_CODEC_OVERRUN; + return -1; + } if (I16(ptr+4) != 0xF1FA) { state->errcode = IMAGING_CODEC_UNKNOWN; return -1; diff -rupN --no-dereference Pillow-5.4.1/Tests/test_image.py Pillow-5.4.1-new/Tests/test_image.py --- Pillow-5.4.1/Tests/test_image.py 2019-01-06 13:12:16.000000000 +0100 +++ Pillow-5.4.1-new/Tests/test_image.py 2020-02-13 14:44:21.544015384 +0100 @@ -561,6 +561,13 @@ class TestRegistry(PillowTestCase): ('args',), extra=('extra',)) + with Image.open("Tests/images/fli_overrun2.bin") as im: + try: + im.seek(1) + self.assertFail() + except IOError as e: + self.assertEqual(str(e), "buffer overrun when reading image file") + if __name__ == '__main__': unittest.main()