Fix missing null dereference checks#9489
Merged
radarhere merged 5 commits intopython-pillow:mainfrom Mar 27, 2026
Merged
Conversation
radarhere
reviewed
Mar 24, 2026
src/_avif.c
Outdated
|
|
||
| if (rgb.height > PY_SSIZE_T_MAX / rgb.rowBytes) { | ||
| PyErr_SetString(PyExc_MemoryError, "Integer overflow in pixel size"); | ||
| // UNDONE avifRGBImageFreePixels(&rgb); ?? |
Member
There was a problem hiding this comment.
Did you want to leave a GitHub comment explaining the uncertainty around this?
Member
Author
There was a problem hiding this comment.
It looks like it should be there, but I wasn’t sure and it was late.
radarhere
reviewed
Mar 26, 2026
radarhere
reviewed
Mar 26, 2026
radarhere
reviewed
Mar 26, 2026
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
luketainton
pushed a commit
to luketainton/repos_webexmemebot
that referenced
this pull request
Apr 1, 2026
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [pillow](https://github.com/python-pillow/Pillow) ([changelog](https://github.com/python-pillow/Pillow/releases)) | `<12.1.2,>=12.1.1` → `<12.2.1,>=12.2.0` |  |  | --- ### Release Notes <details> <summary>python-pillow/Pillow (pillow)</summary> ### [`v12.2.0`](https://github.com/python-pillow/Pillow/releases/tag/12.2.0) [Compare Source](python-pillow/Pillow@12.1.1...12.2.0) <https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html> #### Documentation - Update 12.2.0 release notes [#​9522](python-pillow/Pillow#9522) \[[@​hugovk](https://github.com/hugovk)] - Add loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm [#​9482](python-pillow/Pillow#9482) \[[@​bitplane](https://github.com/bitplane)] - Update Python versions [#​9515](python-pillow/Pillow#9515) \[[@​radarhere](https://github.com/radarhere)] - Jeffrey A. Clark -> Jeffrey 'Alex' Clark [#​9513](python-pillow/Pillow#9513) \[[@​aclark4life](https://github.com/aclark4life)] - Add release notes for [#​9394](python-pillow/Pillow#9394), [#​9419](python-pillow/Pillow#9419) and [#​9456](python-pillow/Pillow#9456) [#​9467](python-pillow/Pillow#9467) \[[@​radarhere](https://github.com/radarhere)] - Add Amiga Workbench .info loader to 3rd party plugins list [#​9459](python-pillow/Pillow#9459) \[[@​bitplane](https://github.com/bitplane)] - Merge PFM documentation into PPM [#​9434](python-pillow/Pillow#9434) \[[@​radarhere](https://github.com/radarhere)] - Update macOS tested Pillow versions [#​9431](python-pillow/Pillow#9431) \[[@​radarhere](https://github.com/radarhere)] - Fix CVE number [#​9430](python-pillow/Pillow#9430) \[[@​hugovk](https://github.com/hugovk)] #### Dependencies - Update xz to 5.8.3 [#​9523](python-pillow/Pillow#9523) \[[@​radarhere](https://github.com/radarhere)] - Update libjpeg-turbo to 3.1.4.1 [#​9507](python-pillow/Pillow#9507) \[[@​radarhere](https://github.com/radarhere)] - Update libpng to 1.6.56 [#​9499](python-pillow/Pillow#9499) \[[@​radarhere](https://github.com/radarhere)] - Update freetype to 2.14.3 [#​9485](python-pillow/Pillow#9485) \[[@​radarhere](https://github.com/radarhere)] - Updated libavif to 1.4.1 [#​9479](python-pillow/Pillow#9479) \[[@​radarhere](https://github.com/radarhere)] - Updated harfbuzz to 13.2.1 [#​9461](python-pillow/Pillow#9461) \[[@​radarhere](https://github.com/radarhere)] - Update Ghostscript to 10.7.0 [#​9469](python-pillow/Pillow#9469) \[[@​radarhere](https://github.com/radarhere)] - Update harfbuzz to 13.0.1 [#​9453](python-pillow/Pillow#9453) \[[@​radarhere](https://github.com/radarhere)] - Update libavif to 1.4.0 [#​9460](python-pillow/Pillow#9460) \[[@​radarhere](https://github.com/radarhere)] - Update freetype to 2.14.2 [#​9449](python-pillow/Pillow#9449) \[[@​radarhere](https://github.com/radarhere)] - Update actions/download-artifact action to v8 [#​9451](python-pillow/Pillow#9451) \[@​[renovate\[bot\]](https://github.com/apps/renovate)] - Updated libpng to 1.6.55 [#​9425](python-pillow/Pillow#9425) \[[@​radarhere](https://github.com/radarhere)] #### Testing - Cleanup .spider extension in the same test where it is added [#​9517](python-pillow/Pillow#9517) \[[@​radarhere](https://github.com/radarhere)] - Run tests in parallel via tox for 3.5x speedup [#​9516](python-pillow/Pillow#9516) \[[@​hugovk](https://github.com/hugovk)] - Enable colour in CI logs [#​9486](python-pillow/Pillow#9486) \[[@​hugovk](https://github.com/hugovk)] - Update Ghostscript to 10.7.0 [#​9469](python-pillow/Pillow#9469) \[[@​radarhere](https://github.com/radarhere)] - Simplify TGA test code [#​9477](python-pillow/Pillow#9477) \[[@​radarhere](https://github.com/radarhere)] - Update tests to check for ValueError when encoding an empty image [#​9464](python-pillow/Pillow#9464) \[[@​radarhere](https://github.com/radarhere)] - Upgrade CI from `macos-15-intel` to `macos-26-intel` [#​9454](python-pillow/Pillow#9454) \[[@​hugovk](https://github.com/hugovk)] - Add check-case-conflict hook [#​9446](python-pillow/Pillow#9446) \[[@​radarhere](https://github.com/radarhere)] - Specify platform when pulling docker image [#​9440](python-pillow/Pillow#9440) \[[@​radarhere](https://github.com/radarhere)] - GHA: Cache libavif and webp builds for Ubuntu [#​9437](python-pillow/Pillow#9437) \[[@​hugovk](https://github.com/hugovk)] - Update macOS tested Pillow versions [#​9431](python-pillow/Pillow#9431) \[[@​radarhere](https://github.com/radarhere)] #### Other changes - Check calloc return value [#​9527](python-pillow/Pillow#9527) \[[@​radarhere](https://github.com/radarhere)] - Check all allocs in the Arrow tree [#​9488](python-pillow/Pillow#9488) \[[@​wiredfool](https://github.com/wiredfool)] - Reject non-numeric elements inside list coords [#​9526](python-pillow/Pillow#9526) \[[@​hugovk](https://github.com/hugovk)] - Move variable declaration inside define [#​9525](python-pillow/Pillow#9525) \[[@​radarhere](https://github.com/radarhere)] - Resize tall images vertically first [#​9524](python-pillow/Pillow#9524) \[[@​radarhere](https://github.com/radarhere)] - Avoid overflow by not adding extents together [#​9520](python-pillow/Pillow#9520) \[[@​hugovk](https://github.com/hugovk)] - Use long for glyph position [#​9518](python-pillow/Pillow#9518) \[[@​hugovk](https://github.com/hugovk)] - Raise an error if the trailer chain loops back on itself [#​9519](python-pillow/Pillow#9519) \[[@​hugovk](https://github.com/hugovk)] - Only read as much data from gzip-decompressed data as necessary [#​9521](python-pillow/Pillow#9521) \[[@​hugovk](https://github.com/hugovk)] - Allow None extents in C setimage() [#​9504](python-pillow/Pillow#9504) \[[@​radarhere](https://github.com/radarhere)] - Use critical sections to protect FontObject [#​9498](python-pillow/Pillow#9498) \[[@​colesbury](https://github.com/colesbury)] - Add ImageText.Text.wrap() to wrap text [#​9286](python-pillow/Pillow#9286) \[[@​radarhere](https://github.com/radarhere)] - Always call StubHandler open() when opening StubImageFile [#​9412](python-pillow/Pillow#9412) \[[@​radarhere](https://github.com/radarhere)] - Improved BCn overflow check [#​9043](python-pillow/Pillow#9043) \[[@​radarhere](https://github.com/radarhere)] - Image will never be None [#​9512](python-pillow/Pillow#9512) \[[@​radarhere](https://github.com/radarhere)] - Raise EOFError when seeking too far in PSD [#​9388](python-pillow/Pillow#9388) \[[@​radarhere](https://github.com/radarhere)] - Raise error if ImageGrab subprocess gives non-zero returncode [#​9321](python-pillow/Pillow#9321) \[[@​radarhere](https://github.com/radarhere)] - Allow for different palette entry sizes when correcting BMP pixel data offset [#​9472](python-pillow/Pillow#9472) \[[@​radarhere](https://github.com/radarhere)] - Ignore unspecified extra samples for TIFF separate planar configuration [#​9514](python-pillow/Pillow#9514) \[[@​radarhere](https://github.com/radarhere)] - Add PERF to lint and fix findings [#​9510](python-pillow/Pillow#9510) \[[@​hugovk](https://github.com/hugovk)] - Switch iOS back to macos-15-intel [#​9509](python-pillow/Pillow#9509) \[[@​radarhere](https://github.com/radarhere)] - Catch struct.error [#​9505](python-pillow/Pillow#9505) \[[@​radarhere](https://github.com/radarhere)] - Check PyCapsule\_GetPointer and PyBytes\_FromStringAndSize return values [#​9508](python-pillow/Pillow#9508) \[[@​radarhere](https://github.com/radarhere)] - Fix missing null dereference checks [#​9489](python-pillow/Pillow#9489) \[[@​wiredfool](https://github.com/wiredfool)] - CI: Retry failed downloads [#​9506](python-pillow/Pillow#9506) \[[@​hugovk](https://github.com/hugovk)] - Use PyModule\_AddObjectRef [#​9503](python-pillow/Pillow#9503) \[[@​radarhere](https://github.com/radarhere)] - Release reference to encoder on error [#​9500](python-pillow/Pillow#9500) \[[@​radarhere](https://github.com/radarhere)] - Fixed AVIF and WEBP dealloc [#​9501](python-pillow/Pillow#9501) \[[@​radarhere](https://github.com/radarhere)] - Check PyType\_Ready return values [#​9502](python-pillow/Pillow#9502) \[[@​radarhere](https://github.com/radarhere)] - Check if PyObject\_CallMethod result is NULL [#​9494](python-pillow/Pillow#9494) \[[@​radarhere](https://github.com/radarhere)] - Do not use palette from grayscale or bilevel colorspace when reading JPEG2000 images [#​9468](python-pillow/Pillow#9468) \[[@​radarhere](https://github.com/radarhere)] - If TGA v2 extension area specifies no alpha, fill alpha channel [#​9478](python-pillow/Pillow#9478) \[[@​radarhere](https://github.com/radarhere)] - Set image pixels individually on 32-bit Windows [#​9492](python-pillow/Pillow#9492) \[[@​radarhere](https://github.com/radarhere)] - Add error messages before returning NULL when encoding [#​9493](python-pillow/Pillow#9493) \[[@​radarhere](https://github.com/radarhere)] - Fix `_getxy` refcount leaks [#​9487](python-pillow/Pillow#9487) \[[@​hugovk](https://github.com/hugovk)] - Fix invalid test font [#​9483](python-pillow/Pillow#9483) \[[@​radarhere](https://github.com/radarhere)] - Add Exif tag "FrameRate" [#​9470](python-pillow/Pillow#9470) \[[@​zhiyuanouyang](https://github.com/zhiyuanouyang)] - Support reading JPEG2000 images with CMYK palettes [#​9456](python-pillow/Pillow#9456) \[[@​radarhere](https://github.com/radarhere)] - Simplify `setimage()` by always passing extents [#​9395](python-pillow/Pillow#9395) \[[@​radarhere](https://github.com/radarhere)] - If bitmap buffer is empty, do not render anything [#​8324](python-pillow/Pillow#8324) \[[@​radarhere](https://github.com/radarhere)] - Change to ValueError when encoding an empty image [#​9394](python-pillow/Pillow#9394) \[[@​radarhere](https://github.com/radarhere)] - Add FontFile.to\_imagefont() [#​9419](python-pillow/Pillow#9419) \[[@​fjhenigman](https://github.com/fjhenigman)] - \[pre-commit.ci] pre-commit autoupdate [#​9450](python-pillow/Pillow#9450) \[@​[pre-commit-ci\[bot\]](https://github.com/apps/pre-commit-ci)] - Use walrus operator [#​9448](python-pillow/Pillow#9448) \[[@​radarhere](https://github.com/radarhere)] - Only close file handle in ImagePalette.save() if it was opened internally [#​9444](python-pillow/Pillow#9444) \[[@​bysiber](https://github.com/bysiber)] - Fix `self.decode` typo [#​9445](python-pillow/Pillow#9445) \[[@​bysiber](https://github.com/bysiber)] - Fix BMP RLE delta escape reading from wrong file position [#​9443](python-pillow/Pillow#9443) \[[@​bysiber](https://github.com/bysiber)] - Correct error check when encoding AVIF images [#​9442](python-pillow/Pillow#9442) \[[@​radarhere](https://github.com/radarhere)] - Fix unexpected error when saving zero dimension images [#​9391](python-pillow/Pillow#9391) \[[@​radarhere](https://github.com/radarhere)] - Use uppercase format ID for PALM [#​9435](python-pillow/Pillow#9435) \[[@​radarhere](https://github.com/radarhere)] </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDIuNiIsInVwZGF0ZWRJblZlciI6IjQzLjEwMi42IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJ0eXBlL2RlcGVuZGVuY2llcyJdfQ==--> Reviewed-on: https://git.tainton.uk/repos/webexmemebot/pulls/579 Reviewed-by: Luke Tainton <luke@tainton.uk> Co-authored-by: renovate[bot] <renovate-bot@git.tainton.uk> Co-committed-by: renovate[bot] <renovate-bot@git.tainton.uk>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes proposed in this pull request:
_imaging.c:3767—PyCapsule_SetContext(NULL)whenPyCapsule_Newfails_webp.c:503— NULLbytestoPy_BuildValue("Si")+Py_DECREF(NULL)_avif.c:807— NULLbytestoPy_BuildValue("SKKK")+Py_DECREF(NULL)_avif.c:709— UncheckedPyBytes_FromStringAndSizeleaves active exception →SystemError_imagingmorph.c:187,232— NULLcoordObjtoPyList_Append(2 functions)_imagingft.c:943—PyCapsule_GetPointer(NULL)infont_render_imaging.c:2471—PyTuple_SET_ITEMon NULL tuple in_splitThanks to @devdanzin for the report.