Fix EPS DOS on _open -- CVE-2021-28677

* The readline used in EPS has to deal with any combination of \r and
  \n as line endings. It used an accidentally quadratic method of
  accumulating lines while looking for a line ending.
* A malicious EPS file could use this to perform a DOS of Pillow in
  the open phase, before an image was accepted for opening.
* This dates to the PIL Fork

Tests/test_file_eps.py

@@ -1,5 +1,4 @@
 import io
-
 import pytest
 
 from PIL import EpsImagePlugin, Image, features
@@ -264,3 +263,17 @@ def test_emptyline():
     assert image.mode == "RGB"
     assert image.size == (460, 352)
     assert image.format == "EPS"
+
+
+@pytest.mark.timeout(timeout=5)
+@pytest.mark.parametrize(
+    "test_file",
+    [
+        ("Tests/images/timeout-d675703545fee17acab56e5fec644c19979175de.eps")
+    ],
+)
+def test_timeout(test_file):
+    with open(test_file, "rb") as f:
+        with pytest.raises(Image.UnidentifiedImageError):
+            with Image.open(f):
+                pass

src/PIL/EpsImagePlugin.py

@@ -170,20 +170,20 @@ def seek(self, offset, whence=io.SEEK_SET):
         self.fp.seek(offset, whence)
 
     def readline(self):
-        s = self.char or b""
+        s = [self.char or b""]
         self.char = None
 
         c = self.fp.read(1)
-        while c not in b"\r\n":
-            s = s + c
+        while (c not in b"\r\n") and len(c):
+            s.append(c)
             c = self.fp.read(1)
 
         self.char = self.fp.read(1)
         # line endings can be 1 or 2 of \r \n, in either order
         if self.char in b"\r\n":
             self.char = None
 
-        return s.decode("latin-1")
+        return b"".join(s).decode("latin-1")
 
 
 def _accept(prefix):