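--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -570,20 +570,10 @@ def to_python(self, data):
         file = StringIO (data ['content' ])
 
         try :
-            # load() is the only method that can spot a truncated JPEG,
-            # but it cannot be called sanely after verify()
-            trial_image = Image .open (file )
-            trial_image .load ()
-
-            # Since we're about to use the file again we have to reset the
-            # file object if possible.
-            if hasattr (file , 'reset' ):
-                file .reset ()
-
-            # verify() is the only method that can spot a corrupt PNG,
-            # but it must be called immediately after the constructor
-            trial_image = Image .open (file )
-            trial_image .verify ()
+            # load() could spot a truncated JPEG, but it loads the entire
+            # image in memory, which is a DoS vector. See #3848 and #18520.
+            # verify() must be called immediately after the constructor.
+            Image .open (file ).verify ()
         except ImportError :
             # Under PyPy, it is possible to import PIL. However, the underlying
             # _imaging C module isn't available, so an ImportError will be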
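Review bot: The new comment at lines 573–575 says why load() was dropped but not what validation now misses: per the removed comment, load() was the only call that detects a truncated JPEG, so such a file now appears to pass form validation and will fail only when something later decodes it. It is worth stating that explicitly so downstream code knows to handle the failure at load time, e.g. `# NOTE: without load() a truncated JPEG passes validation; code that decodes the image later must handle that error itself.` The memory cost of load() is also moved rather than removed — any later step that decodes the upload (thumbnailing, resizing) still performs the full in-memory load on untrusted input, so a size limit on the uploaded content remains the effective mitigation. The enclosing to_python body and its remaining except clauses continue outside the hunk.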