Skip to content

Simplify FreeTypeFont.getmask2()#7645

Merged
radarhere merged 1 commit intopython-pillow:mainfrom
nulano:font-bomb
Jan 4, 2024
Merged

Simplify FreeTypeFont.getmask2()#7645
radarhere merged 1 commit intopython-pillow:mainfrom
nulano:font-bomb

Conversation

@nulano
Copy link
Contributor

@nulano nulano commented Dec 27, 2023
edited by radarhere
Loading

Changes proposed in this pull request:

  • Call Image._decompression_bomb_check directly in fill rather than duplicating its code. If an error is raised, it is propagated via the if (image == NULL) branch.
  • On error, delete the Python image object by releasing the only reference to it (causing Python to call its tp_dealloc slot, i.e. _dealloc in _imaging.c) instead of just freeing the memory it points to (added in Improved checks in font_render #7218).
  • Avoid nonlocal variables (to simplify adding type hints in a future PR by avoiding the need for a typing.cast or assert size is not None).

This partially reverts changes from #7246, which was connected to an oss-fuzz error, but I do not see any added tests or reproduction steps. IIUC, the original error was a memory leak, which I avoid in a different way in this PR:

The original code (before #7246) returned image via O format (returning a new reference) and did not Py_DECREF (causing a memory leak).
#7246 instead returns a reference via a nonlocal Python variable and added Py_DECREF.
In this PR I have removed the nonlocal variable and return the existing reference via N format.
See https://docs.python.org/3/c-api/arg.html#c.Py_BuildValue for the difference between O and N.

radarhere
radarhere approved these changes Dec 28, 2023
View reviewed changes
Copy link
Member

@radarhere radarhere left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had imagined that raising a DecompressionBombError during a Python callback from C was somehow bad, but our test suite triggers that scenario with your branch, and it is fine.

Presuming that the memory management in fine (I've checked oss-fuzz with the test case from https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60273 and it passed), I approve - but it is probably not the best idea to adjust code that fixed an oss-fuzz problem less than a week before release, so I suggest holding off on this for now

@nulano
Copy link
Contributor Author

nulano commented Dec 28, 2023

it is probably not the best idea to adjust code that fixed an oss-fuzz problem less than a week before release, so I suggest holding off on this for now

Sure, that sounds reasonable.
There are many other things blocking a PR adding type hints to ImageFont.py anyway.

hugovk
hugovk reviewed Dec 28, 2023
View reviewed changes
@hugovk hugovk added this to the 10.3.0 milestone Dec 31, 2023
@radarhere radarhere merged commit f71cfec into python-pillow:main Jan 4, 2024
@radarhere radarhere changed the title Simplify FreeTypeFont.render Simplify FreeTypeFont.getmask2() Jan 4, 2024
@nulano nulano deleted the font-bomb branch January 4, 2024 13:33
@radarhere radarhere mentioned this pull request Oct 7, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hugovk hugovk hugovk left review comments

@radarhere radarhere radarhere approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

10.3.0

Development

Successfully merging this pull request may close these issues.

3 participants

@nulano @hugovk @radarhere