As such, it crashes whenever you try to read any PNG with a text chunk. Since this is specifically the use-case the CVE patch was designed for, I find it surprising that apparently nobody tested it.
I have created and attached a patch for `2.3.0-1ubuntu3.2` that works on the PNG's I've tried. Instead of renaming all instances of `len`, it just does the minimal changes needed to get this to work. It's up to you guys whether you'd rather follow upstream or not, but please fix this fast, because this is a pretty serious bug.
This bug appears to have been introduced with `pillow- CVE-2014- 9601.patch` as part of `2.3.0-1ubuntu3.2`.
This patch was sourced (at least partially) from this Pillow commit:
https:/ /github. com/python- pillow/ Pillow/ commit/ 0b75526ffe41a46 97231beb8b57406 17c98f290b
However, this commit occurs after an earlier commit that changes all instances of `len` to `length`, to prevent shadowing:
https:/ /github. com/python- pillow/ Pillow/ commit/ d594c0241aabeda 6725fefc44ccc7f 945c0464c9
As such, it crashes whenever you try to read any PNG with a text chunk. Since this is specifically the use-case the CVE patch was designed for, I find it surprising that apparently nobody tested it.
I have created and attached a patch for `2.3.0-1ubuntu3.2` that works on the PNG's I've tried. Instead of renaming all instances of `len`, it just does the minimal changes needed to get this to work. It's up to you guys whether you'd rather follow upstream or not, but please fix this fast, because this is a pretty serious bug.