search

python-pillow / Pillow

Python Imaging Library (Fork)
https://python-pillow.org
Other
12.32k stars 2.23k forks source link

ValueError: invalid literal for int() with base 10 in PpmImagePlugin.py #8515

Closed gabe-sherman closed 3 weeks ago

gabe-sherman commented 3 weeks ago

A ValueError occurs in the below code when provided with a malformed input. This occurs at line 119 in PpmImagePlugin.py when a token returned from _read_token is cast to an int.

import io
import sys
import PIL.Image as im

data = io.BytesIO(open(sys.argv[1], "rb").read())
im.open(data)

Version

11.0.0

POC File

https://github.com/FuturesLab/POC/blob/main/pillow/poc-01

How to trigger

file.py poc-01

Trace Report

Traceback (most recent call last):
  File "pillow/crashes/c3/rep.py", line 7, in <module>
    im.open(data)
  File "/home/anon/.local/lib/python3.10/site-packages/PIL/Image.py", line 3515, in open
    im = _open_core(fp, filename, prefix, formats)
  File "/home/anon/.local/lib/python3.10/site-packages/PIL/Image.py", line 3503, in _open_core
    im = factory(fp, filename)
  File "/home/anon/.local/lib/python3.10/site-packages/PIL/ImageFile.py", line 144, in __init__
    self._open()
  File "/home/anon/local/lib/python3.10/site-packages/PIL/PpmImagePlugin.py", line 119, in _open
    self._size = int(self._read_token()), int(self._read_token())
ValueError: invalid literal for int() with base 10: b'\x00\xd8&'

Potential Regression

This error also seems to be a regression, where a ValueError with a descriptive message is intentionally raised in version 9.0.0:

 File "pillow/crashes/c3/rep.py", line 6, in <module>
    im.open(data)
  File "/home/anon/.local/lib/python3.10/site-packages/PIL/Image.py", line 2994, in open
    im = _open_core(fp, filename, prefix, formats)
  File "/home/anon/.local/lib/python3.10/site-packages/PIL/Image.py", line 2980, in _open_core
    im = factory(fp, filename)
  File "/home/anon/.local/lib/python3.10/site-packages/PIL/ImageFile.py", line 112, in __init__
    self._open()
  File "/home/anon/.local/lib/python3.10/site-packages/PIL/PpmImagePlugin.py", line 96, in _open
    s = int(self._token(s))
  File "/home/anon/.local/lib/python3.10/site-packages/PIL/PpmImagePlugin.py", line 58, in _token
    raise ValueError("Expected ASCII value, found binary")
ValueError: Expected ASCII value, found binary
radarhere commented 3 weeks ago

To be simplistic, you have provided a file you say is malformed, and Pillow has raised an error. It's not clear to me how you expect Pillow to behave in this situation?

The "Expected ASCII value, found binary" error was removed in https://github.com/python-pillow/Pillow/pull/5121#discussion_r819240969

gabe-sherman commented 3 weeks ago

Thanks for the response! I definitely see where you're coming from. I wanted to report this in case this exception was occurring in an unexpected way where the data was being mishandled. As you said, this is expected behavior for handling data formed in this way, so there's not really anything to fix here :).