# Patch to fix CVE-2014-3589, a denial of service (DoS) in the Python Imaging Library/Pillow.
#
# Patch will be applied shortly to Pillow, a fork of the PIL code which has
# replaced the obsolete PIL project.
#
diff -rup Imaging-1.1.7-orig/PIL/IcnsImagePlugin.py Imaging-1.1.7/PIL/IcnsImagePlugin.py
--- Imaging-1.1.7-orig/PIL/IcnsImagePlugin.py 2009-10-31 17:44:11.000000000 -0700
+++ Imaging-1.1.7/PIL/IcnsImagePlugin.py 2014-08-12 16:11:57.999120000 -0700
@@ -115,6 +115,8 @@ class IcnsFile:
i = HEADERSIZE
while i < filesize:
sig, blocksize = nextheader(fobj)
+ if blocksize <= 0:
+ raise SyntaxError('invalid block header')
i = i + HEADERSIZE
blocksize = blocksize - HEADERSIZE
dct[sig] = (i, blocksize)
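Review bot: The added guard `if blocksize <= 0:` still accepts block sizes from 1 to HEADERSIZE-1, which the following `blocksize = blocksize - HEADERSIZE` turns into a negative payload length that is then stored in `dct[sig]`. Since the block size is treated here as including its own header, anything smaller than the header is malformed and should be rejected at the same point: `if blocksize < HEADERSIZE:` with the same `raise SyntaxError('invalid block header')`. The rest of the loop body lies outside the hunk, so I cannot confirm from here how the negative length is used afterwards, but rejecting it up front keeps every later offset calculation non-negative. A one-line comment such as `# block size includes the header; smaller values would yield a negative payload length` would record why the check exists.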