Skip to content

Commit 38a93a0

Browse files
mergify[bot]mergify[bot]
authored
Merge pull request #6850 from radarhere/releasenotes
Added release notes for #6842 and #6846
2 parents 0efda91 + e908afe commit 38a93a0

File tree

1 file changed

+14
-27
lines changed

1 file changed

+14
-27
lines changed

docs/releasenotes/9.4.0.rst

Lines changed: 14 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -1,30 +1,6 @@
11
9.4.0
22
-----
33

4-
Backwards Incompatible Changes
5-
==============================
6-
7-
TODO
8-
^^^^
9-
10-
TODO
11-
12-
Deprecations
13-
============
14-
15-
TODO
16-
^^^^
17-
18-
TODO
19-
20-
API Changes
21-
===========
22-
23-
TODO
24-
^^^^
25-
26-
TODO
27-
284
API Additions
295
=============
306

@@ -96,10 +72,21 @@ When saving a JPEG image, a comment can now be written from
9672
Security
9773
========
9874

99-
TODO
100-
^^^^
75+
Fix memory DOS in ImageFont
76+
^^^^^^^^^^^^^^^^^^^^^^^^^^^
77+
78+
A corrupt or specially crafted TTF font could have font metrics that lead to
79+
unreasonably large sizes when rendering text in font. ``ImageFont.py`` did not
80+
check the image size before allocating memory for it. This dates to the PIL
81+
fork. Pillow 8.2.0 added a check for large sizes, but did not consider the
82+
case where one dimension is zero.
83+
84+
Null pointer dereference crash in ImageFont
85+
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
10186

102-
TODO
87+
Pillow attempted to dereference a null pointer in ``ImageFont``, leading to a
88+
crash. An error is now raised instead. This has been present since
89+
Pillow 8.0.0.
10390

10491
Other Changes
10592
=============

0 commit comments

Comments
 (0)