1
Origin: https://github.com/django/django/commit/9ca0ff6268eeff92d0d0ac2c315d4b6a8e229155
2
Subject: Denial-of-service in image validation
4
https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
8
Index: python-django-1.3.1/django/core/files/images.py
9
===================================================================
10
--- python-django-1.3.1.orig/django/core/files/images.py 2010-09-10 14:45:25.000000000 -0400
11
+++ python-django-1.3.1/django/core/files/images.py 2012-08-14 18:28:27.895124158 -0400
13
file = open(file_or_path, 'rb')
16
+ # Most of the time PIL only needs a small chunk to parse the image and
17
+ # get the dimensions, but with some TIFF files PIL needs to parse the
21
- data = file.read(1024)
22
+ data = file.read(chunk_size)
28
+ chunk_size = chunk_size*2