Opened 8 years ago

Closed 8 years ago

#3848 closed (fixed)

Image validator: fails to spot image truncation or corruption

Reported by: andrewc-djangotrac1@… Owned by: nobody
Component: Core (Other) Version: master
Severity: Keywords: images, image, validation, verification, PIL
Cc: dev@… Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

django.core.validators.isValidImage in trunk does not detect corrupt or truncated images: more PIL calls than just the constructor need to be made in order to effect the full set of checks PIL is capable of, because most PIL.xxxImagePlugin modules read no more data than is necessary at construction time. One of load() or verify() (or both if possible) must be called on the PIL.Image object in order to perform the fullest set of checks.

To reproduce:

  • Prepare truncated/corrupted PNG or JPEG files with vi, dd, based on some known-good images, and leaving the first few bytes of the image header intact.
  • Test that PIL can spot that the images are corrupt:
>>> from PIL import Image
>>> from cStringIO import StringIO
>>> i = Image.open(StringIO(open('hi_truncated.png', 'r').read()))
>>> i.verify()
[...]
IndexError: string index out of range
>>> i = Image.open(StringIO(open('hi_truncated.jpg', 'r').read()))
>>> i.load()
[...]
IOError: image file is truncated (46 bytes not processed)
>>>
  • Set up a model with an ImageField
  • Try to upload one of the bad images you prepared via the django admin interface.

Expected behaviour:

  • Upload will be rejected with the message "Upload a valid image. The file you uploaded was either not an image or a corrupted image."

Observed behaviour as of [4836] (and presumably all the way back to [3]):

  • Image is accepted as if it were non-corrupt.

This is my first django bug report, so I hope I'm doing it right. I could provide a test case if you like, but I noticed that the existing test framework makes no attempt to test this area of code in order to avoid a dependency on PIL at test time.

Attachments (2)

django_core_validators_isValidImage.diff (1.7 KB) - added by Andrew C. <andrewc-djangotrac1@…> 8 years ago.
django_core_validators_isValidImage.better-message.diff (1.8 KB) - added by Andrew C. <andrewc-djangotrac1@…> 8 years ago.
Improve the phrasing of the Debug-mode error message addendum

Download all attachments as: .zip

Change History (5)

Changed 8 years ago by Andrew C. <andrewc-djangotrac1@…>

Changed 8 years ago by Andrew C. <andrewc-djangotrac1@…>

Improve the phrasing of the Debug-mode error message addendum

comment:1 follow-up: Changed 8 years ago by Simon G. <dev@…>

  • Cc dev@… added
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Ready for checkin

Looks good to me.

comment:2 in reply to: ↑ 1 Changed 8 years ago by andrewc-djangotrac1@…

Replying to Simon G. <dev@simon.net.nz>:

Looks good to me.

Does this patch need any further work from me? It's been "Ready for checkin" for 3 months without any flagged need for documentation, improvement, or tests.
Do you need anything more from me? I'd be happy to oblige, just let me know.

comment:3 Changed 8 years ago by russellm

  • Resolution set to fixed
  • Status changed from new to closed

(In [6175]) Fixed #3848 -- Added more comprehensive checks to ImageField validation, checking for image truncation or corruption. Thanks to Andrew C <andrewc-djangotrac1@…> for the patch.

Note: See TracTickets for help on using tickets.
Back to Top