Merge pull request #7052 from radarhere/ppm_half_token

Clear PPM half token after use
python-pillow · Mar 31, 2023 · 3cd1e12 · 3cd1e12
2 parents eeaee75 + 5932a0b
commit 3cd1e12
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 3 deletions.
diff --git a/Tests/test_file_ppm.py b/Tests/test_file_ppm.py
@@ -256,6 +256,16 @@ def test_truncated_file(tmp_path):
             im.load()
 
 
+def test_not_enough_image_data(tmp_path):
+    path = str(tmp_path / "temp.ppm")
+    with open(path, "wb") as f:
+        f.write(b"P2 1 2 255 255")
+
+    with Image.open(path) as im:
+        with pytest.raises(ValueError):
+            im.load()
+
+
 @pytest.mark.parametrize("maxval", (b"0", b"65536"))
 def test_invalid_maxval(maxval, tmp_path):
     path = str(tmp_path / "temp.ppm")

diff --git a/docs/releasenotes/9.5.0.rst b/docs/releasenotes/9.5.0.rst
@@ -62,10 +62,19 @@ PLT markers.
 Security
 ========
 
-TODO
-^^^^
+Clear PPM half token after use
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-TODO
+Image files that are small on disk are often prevented from expanding to be
+big images consuming a large amount of resources simply because they lack the
+data to populate those resources.
+
+PpmImagePlugin might hold onto the last data read for a pixel value in case the
+pixel value has not been finished yet. However, that data was not being cleared
+afterwards, meaning that infinite data could be available to fill any image
+size.
+
+That data is now cleared after use.
 
 Other Changes
 =============

diff --git a/src/PIL/PpmImagePlugin.py b/src/PIL/PpmImagePlugin.py
@@ -237,6 +237,7 @@ def _decode_blocks(self, maxval):
 
             if half_token:
                 block = half_token + block  # stitch half_token to new block
+                half_token = False
 
             tokens = block.split()