python-pillow / Pillow

Python Imaging Library (Fork)
https://python-pillow.org

Unused code in FliDecode.c and _imaging.c has SAST security issue #8405

Open karasovsky opened 6 days ago

karasovsky commented 6 days ago

Hello!

According to the comments in _imaging.c there is a number of codecs that must be replaced in PIL 1.2. But PIL development was discontinued 15 years ago.

[image]

One of these codecs has a SAST security issue.

[image]

state->xsize can potentially be equal to zero, which will lead to a division-by-zero exception in ImagingFliDecode. If this code is not used, I suggest removing it.

Found by Linux Verification Center (linuxtesting.org) with SVACE. Reporter: Dmitriy Karasovsky (d.karasovsky@fobos-nt.ru).

radarhere commented 6 days ago

While this can be thought of as a problem by looking at that C file in isolation, in the context of our library as a whole, images that say one of their dimensions is zero will be stopped at https://github.com/python-pillow/Pillow/blob/731bcda904544d9d26bce268eca3a5cb4fcc1c46/src/PIL/ImageFile.py#L154-L156

Even if you consider just the C decoding process, we have https://github.com/python-pillow/Pillow/blob/731bcda904544d9d26bce268eca3a5cb4fcc1c46/src/decode.c#L189-L192

Not saying we shouldn't fix it, merely pointing out that it should not occur in our normal operations.
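As an added illustration of the layered defence described in the comment above (a dimension check at the image-loading layer before any decoder arithmetic runs), here is a small example in C. It is not Pillow's code: the header layout, the `ImageDims` struct and the helper functions `parse_header`, `validate_dims`, `row_for_offset` and `decode_row` are all invented for this example, and the division by width only stands in for the kind of arithmetic a static analyser flags.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical decoder state; a stand-in, not Pillow's ImagingCodecState. */
typedef struct {
    int xsize;  /* image width in pixels */
    int ysize;  /* image height in pixels */
} ImageDims;

/* Parse a constructed 4-byte toy header: width and height as 16-bit
 * little-endian values. This layout is invented for the example and is not
 * the FLI/FLC header. Returns 0 on success, -1 if the buffer is too short. */
int parse_header(const uint8_t *buf, size_t len, ImageDims *out) {
    if (len < 4 || out == NULL) {
        return -1;
    }
    out->xsize = buf[0] | (buf[1] << 8);
    out->ysize = buf[2] | (buf[3] << 8);
    return 0;
}

/* The guard layer: refuse any image whose header claims a zero (or negative)
 * dimension before a decoder ever sees it. Returns 0 if usable, -1 if not. */
int validate_dims(const ImageDims *d) {
    if (d->xsize <= 0 || d->ysize <= 0) {
        return -1;
    }
    return 0;
}

/* Stand-in for the flagged arithmetic: turn a byte offset into a row index by
 * dividing by the width. It defends itself as well, returning -1 rather than
 * dividing by zero, so a caller that bypassed validate_dims() gets an error
 * instead of a SIGFPE. */
long row_for_offset(const ImageDims *d, long offset) {
    if (d->xsize <= 0 || offset < 0) {
        return -1;
    }
    return offset / d->xsize;
}

/* Full path: header bytes -> dimensions -> validation -> decoder arithmetic.
 * Returns the row index, or -1 if any layer rejects the input. */
long decode_row(const uint8_t *hdr, size_t len, long offset) {
    ImageDims d;
    if (parse_header(hdr, len, &d) != 0 || validate_dims(&d) != 0) {
        return -1;
    }
    return row_for_offset(&d, offset);
}

int main(void) {
    /* Constructed headers: 640x480, and the zero-width case from the report. */
    const uint8_t good[4] = {0x80, 0x02, 0xE0, 0x01};
    const uint8_t zero_width[4] = {0x00, 0x00, 0xE0, 0x01};
    printf("640x480, offset 1300 -> row %ld\n", decode_row(good, 4, 1300));
    printf("0x480, offset 1300 -> %ld (rejected)\n", decode_row(zero_width, 4, 1300));
    return 0;
}
```

The point of the two checks is the one made in the comment: the outer validation stops a zero dimension in normal operation, while the inner guard means that a static analyser looking at the arithmetic in isolation no longer has a reachable division by zero to report.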

radarhere commented 6 days ago

#8406 and #8408 have been created as possible ways to alleviate this concern.

hugovk commented 6 days ago

... has SAST security issue

For future reference, please see our security policy on how to report potential security issues:

https://github.com/python-pillow/Pillow?tab=security-ov-file#readme