django.core.validators.isValidImage in trunk does not detect corrupt or truncated images: more PIL calls than just the constructor need to be made in order to effect the full set of checks PIL is capable of, because most PIL.xxxImagePlugin modules read no more data than is necessary at construction time. One of load() or verify() (or both if possible) must be called on the PIL.Image object in order to perform the fullest set of checks.
To reproduce:
- Prepare truncated/corrupted PNG or JPEG files with vi, dd, based on some known-good images, and leaving the first few bytes of the image header intact.
- Test that PIL can spot that the images are corrupt:
>>> from PIL import Image
>>> from cStringIO import StringIO
>>> i = Image.open(StringIO(open('hi_truncated.png', 'r').read()))
>>> i.verify()
[...]
IndexError: string index out of range
>>> i = Image.open(StringIO(open('hi_truncated.jpg', 'r').read()))
>>> i.load()
[...]
IOError: image file is truncated (46 bytes not processed)
>>>
- Try to upload one of the bad images you prepared via the django admin interface.
Expected behaviour:
- Upload will be rejected with the message "Upload a valid image. The file you uploaded was either not an image or a corrupted image."
Observed behaviour as of [4836] (and presumably all the way back to [3]):
- Image is accepted as if it were non-corrupt.
This is my first django bug report, so I hope I'm doing it right. I could provide a test case if you like, but I noticed that the existing test framework makes no attempt to test this area of code in order to avoid a dependency on PIL at test time.
