Prevent division by zero by radarhere · Pull Request #8408 · python-pillow/Pillow
Resolves #8405. Alternative to #8406
The issue is concerned that at
| if (INT32_MAX / state->xsize < state->ysize) { |
state->xsize might be zero, and so we might be dividing by zero.
However, in the context of our library as a whole, images that say one of their dimensions are zero will be stopped at
| if not self.mode or self.size[0] <= 0 or self.size[1] <= 0: | |
| msg = "not identified by this driver" | |
| raise SyntaxError(msg) |
Even if you consider just the C decoding process, we have
| if (state->xsize <= 0 || state->xsize + state->xoff > (int)im->xsize || | |
| state->ysize <= 0 || state->ysize + state->yoff > (int)im->ysize) { | |
| PyErr_SetString(PyExc_ValueError, "tile cannot extend outside image"); | |
| return NULL; |
So this is not a scenario that should actually occur. However, in order to allay concerns from a casual observer, it might be worth updating the code. I don't consider changes to address this to be a 'fix', but rather a 'If all else fails' safety net.
#8406 suggests resolving the concern by raising an error from within FliDecode.c. My minor concern with that strategy is that we could make someone reading the code think that xsize might be zero there.
Instead, I'm going to suggest just removing the division operation altogether.
if (INT32_MAX < (long)state->xsize * state->ysize) {