Code

Opened 7 years ago

Closed 7 years ago

#4478 closed (fixed)

[patch] PIL Bug Causes Django 0.96 Image Validator to Break if OLE Document Uploaded

Reported by: pchilds@… Owned by: nobody
Component: Validators Version: 0.96
Severity: Keywords: image validator
Cc: v.oostveen@… Triage Stage: Design decision needed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

My first test was to upload a valid image. Worked fine.
My next few tests were to upload invalid files: pdf, vb, xml, txt,
etc.
The result was a nice error message except when I tried to upload any
kind of MS Office file. This broke Django...


Traceback (most recent call last):
File "C:\Python24\Lib\site-packages\django\core\handlers\base.py" in
get_response

  1. response = callback(request, *callback_args, callback_kwargs)

File "C:\Python24\Lib\site-packages\django\contrib\auth\decorators.py"
in _checklogin

  1. return view_func(request, *args, kwargs)

File "c:\idms_project\idms\ssi\views.py" in update_ssi_status

  1. errors = manipulator.get_validation_errors(new_data)

File "C:\Python24\Lib\site-packages\django\oldforms\init.py" in
get_validation_errors

  1. errors.update(field.get_validation_errors(new_data))

File "C:\Python24\Lib\site-packages\django\oldforms\init.py" in
get_validation_errors

  1. self.run_validator(new_data, validator)

File "C:\Python24\Lib\site-packages\django\oldforms\init.py" in
run_validator

  1. validator(new_data.get(self.field_name, ), new_data)

File "C:\Python24\Lib\site-packages\django\oldforms\init.py" in
isValidImage

  1. validators.isValidImage(field_data, all_data)

File "C:\Python24\Lib\site-packages\django\core\validators.py" in
isValidImage

  1. Image.open(StringIO(content))

File "C:\Python24\lib\site-packages\PIL\Image.py" in open

  1. return factory(fp, filename)

File "C:\Python24\lib\site-packages\PIL\ImageFile.py" in init

  1. self._open()

File "C:\Python24\lib\site-packages\PIL\FpxImagePlugin.py" in _open

  1. self.ole = OleFileIO(self.fp)

File "C:\Python24\lib\site-packages\PIL\OleFileIO.py" in init

  1. self.open(filename)

File "C:\Python24\lib\site-packages\PIL\OleFileIO.py" in open

  1. self.loadfat(header)

File "C:\Python24\lib\site-packages\PIL\OleFileIO.py" in loadfat

  1. s = self.getsect(ix)

File "C:\Python24\lib\site-packages\PIL\OleFileIO.py" in getsect

  1. self.fp.seek(512 + self.sectorsize * sect)

OverflowError at /ssi/ssi_status/update/380/181/
long int too large to convert to int


According to Chris Beaven, the problem is with PIL...
-quote-
It's a bug with PIL reading OLE files with Python 2.4:
http://mail.python.org/pipermail/image-sig/2006-February/003764.html

Probably worth filing a ticket - it'd be easy enough to catch
OverflowError in our validator.
-end quote-

Attachments (1)

pil_validator_fix.patch (837 bytes) - added by SmileyChris 7 years ago.

Download all attachments as: .zip

Change History (5)

comment:1 Changed 7 years ago by SmileyChris

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Design decision needed

Design decision because I'm not sure what the policy is on Django working around bugs in third-party products. I do have a simple patch which will solve the problem if we do want to work around it.

Changed 7 years ago by SmileyChris

comment:2 Changed 7 years ago by anonymous

  • Cc v.oostveen@… added
  • Has patch set
  • Summary changed from PIL Bug Causes Django 0.96 Image Validator to Break if OLE Document Uploaded to [patch] PIL Bug Causes Django 0.96 Image Validator to Break if OLE Document Uploaded

Applyed this patch to my django project and it works fine.

I'm +1 on including this

only recommand that we change the except to:

except (IOError, OverflowError): # Python Imaging Library doesn't recognize it as an image 

so it's less confusing towards except Exception, e: and future Python versions.

p.s. i don't think this is a design decision, this is a bug in PIL and we should capture the OverFlow acception.
as it tells the application, something went wrong in trying to read the image (OLE object in this case)

comment:3 Changed 7 years ago by SmileyChris

Thank's v, you're right that the exceptions should have been tupled.

comment:4 Changed 7 years ago by russellm

  • Resolution set to fixed
  • Status changed from new to closed

(In [6096]) Fixed #4478 -- Added a catch for an error thrown by PIL when attempting to validate MS OLE files.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.