diff -rupN --no-dereference Pillow-7.2.0/src/libImaging/FliDecode.c Pillow-7.2.0-new/src/libImaging/FliDecode.c
--- Pillow-7.2.0/src/libImaging/FliDecode.c	2020-06-30 09:50:35.000000000 +0200
+++ Pillow-7.2.0-new/src/libImaging/FliDecode.c	2021-07-24 22:47:24.147288432 +0200
@@ -242,6 +242,11 @@ ImagingFliDecode(Imaging im, ImagingCode
                 return -1;
         }
         advance = I32(ptr);
+        if (advance == 0 ) {
+            // If there's no advance, we're in an infinite loop
+            state->errcode = IMAGING_CODEC_BROKEN;
+            return -1;
+        }
         if (advance < 0 || advance > bytes) {
             state->errcode = IMAGING_CODEC_OVERRUN;
             return -1;
diff -rupN --no-dereference Pillow-7.2.0/src/libImaging/Jpeg2KDecode.c Pillow-7.2.0-new/src/libImaging/Jpeg2KDecode.c
--- Pillow-7.2.0/src/libImaging/Jpeg2KDecode.c	2020-06-30 09:50:35.000000000 +0200
+++ Pillow-7.2.0-new/src/libImaging/Jpeg2KDecode.c	2021-07-24 22:47:24.148288510 +0200
@@ -589,7 +589,7 @@ j2k_decode_entry(Imaging im, ImagingCode
     j2k_unpacker_t unpack = NULL;
     size_t buffer_size = 0, tile_bytes = 0;
     unsigned n, tile_height, tile_width;
-    int components;
+    int total_component_width = 0;
 
 
     stream = opj_stream_create(BUFFER_SIZE, OPJ_TRUE);
@@ -751,23 +751,40 @@ j2k_decode_entry(Imaging im, ImagingCode
             goto quick_exit;
         }
 
+        if (tile_info.nb_comps != image->numcomps) {
+            state->errcode = IMAGING_CODEC_BROKEN;
+            state->state = J2K_STATE_FAILED;
+            goto quick_exit;
+        }
+
         /* Sometimes the tile_info.datasize we get back from openjpeg
-           is less than numcomps*w*h, and we overflow in the
+           is less than sum(comp_bytes)*w*h, and we overflow in the
            shuffle stage */
 
         tile_width = tile_info.x1 - tile_info.x0;
         tile_height = tile_info.y1 - tile_info.y0;
-        components = tile_info.nb_comps == 3 ? 4 : tile_info.nb_comps;
-        if (( tile_width > UINT_MAX / components ) ||
-            ( tile_height > UINT_MAX / components ) ||
-            ( tile_width > UINT_MAX / (tile_height * components )) ||
-            ( tile_height > UINT_MAX / (tile_width * components ))) {
+
+        /* Total component width = sum (component_width) e.g, it's
+         legal for an la file to have a 1 byte width for l, and 4 for
+         a, and then a malicious file could have a smaller tile_bytes
+        */
+
+        for (n=0; n < tile_info.nb_comps; n++) {
+            // see csize /acsize calcs
+            int csize = (image->comps[n].prec + 7) >> 3;
+            csize = (csize == 3) ? 4 : csize;
+            total_component_width += csize;
+        }
+        if ((tile_width > UINT_MAX / total_component_width) ||
+            (tile_height > UINT_MAX / total_component_width) ||
+            (tile_width > UINT_MAX / (tile_height * total_component_width)) ||
+            (tile_height > UINT_MAX / (tile_width * total_component_width))) {
             state->errcode = IMAGING_CODEC_BROKEN;
             state->state = J2K_STATE_FAILED;
             goto quick_exit;
         }
 
-        tile_bytes = tile_width * tile_height * components;
+        tile_bytes = tile_width * tile_height * total_component_width;
 
         if (tile_bytes > tile_info.data_size) {
             tile_info.data_size = tile_bytes;
diff -rupN --no-dereference Pillow-7.2.0/src/PIL/BlpImagePlugin.py Pillow-7.2.0-new/src/PIL/BlpImagePlugin.py
--- Pillow-7.2.0/src/PIL/BlpImagePlugin.py	2021-07-24 22:47:24.108285364 +0200
+++ Pillow-7.2.0-new/src/PIL/BlpImagePlugin.py	2021-07-24 22:47:24.163289691 +0200
@@ -286,33 +286,36 @@ class _BLPBaseDecoder(ImageFile.PyDecode
             raise OSError("Truncated Blp file") from e
         return 0, 0
 
+    def _safe_read(self, length):
+        return ImageFile._safe_read(self.fd, length)
+
     def _read_palette(self):
         ret = []
         for i in range(256):
             try:
-                b, g, r, a = struct.unpack("<4B", self.fd.read(4))
+                b, g, r, a = struct.unpack("<4B", self._safe_read(4))
             except struct.error:
                 break
             ret.append((b, g, r, a))
         return ret
 
     def _read_blp_header(self):
-        (self._blp_compression,) = struct.unpack("<i", self.fd.read(4))
+        (self._blp_compression,) = struct.unpack("<i", self._safe_read(4))
 
-        (self._blp_encoding,) = struct.unpack("<b", self.fd.read(1))
-        (self._blp_alpha_depth,) = struct.unpack("<b", self.fd.read(1))
-        (self._blp_alpha_encoding,) = struct.unpack("<b", self.fd.read(1))
-        (self._blp_mips,) = struct.unpack("<b", self.fd.read(1))
+        (self._blp_encoding,) = struct.unpack("<b", self._safe_read(1))
+        (self._blp_alpha_depth,) = struct.unpack("<b", self._safe_read(1))
+        (self._blp_alpha_encoding,) = struct.unpack("<b", self._safe_read(1))
+        (self._blp_mips,) = struct.unpack("<b", self._safe_read(1))
 
-        self.size = struct.unpack("<II", self.fd.read(8))
+        self.size = struct.unpack("<II", self._safe_read(8))
 
         if self.magic == b"BLP1":
             # Only present for BLP1
-            (self._blp_encoding,) = struct.unpack("<i", self.fd.read(4))
-            (self._blp_subtype,) = struct.unpack("<i", self.fd.read(4))
+            (self._blp_encoding,) = struct.unpack("<i", self._safe_read(4))
+            (self._blp_subtype,) = struct.unpack("<i", self._safe_read(4))
 
-        self._blp_offsets = struct.unpack("<16I", self.fd.read(16 * 4))
-        self._blp_lengths = struct.unpack("<16I", self.fd.read(16 * 4))
+        self._blp_offsets = struct.unpack("<16I", self._safe_read(16 * 4))
+        self._blp_lengths = struct.unpack("<16I", self._safe_read(16 * 4))
 
 
 class BLP1Decoder(_BLPBaseDecoder):
@@ -324,7 +327,7 @@ class BLP1Decoder(_BLPBaseDecoder):
             if self._blp_encoding in (4, 5):
                 data = bytearray()
                 palette = self._read_palette()
-                _data = BytesIO(self.fd.read(self._blp_lengths[0]))
+                _data = BytesIO(self._safe_read(self._blp_lengths[0]))
                 while True:
                     try:
                         (offset,) = struct.unpack("<B", _data.read(1))
@@ -346,10 +349,10 @@ class BLP1Decoder(_BLPBaseDecoder):
     def _decode_jpeg_stream(self):
         from PIL.JpegImagePlugin import JpegImageFile
 
-        (jpeg_header_size,) = struct.unpack("<I", self.fd.read(4))
-        jpeg_header = self.fd.read(jpeg_header_size)
-        self.fd.read(self._blp_offsets[0] - self.fd.tell())  # What IS this?
-        data = self.fd.read(self._blp_lengths[0])
+        (jpeg_header_size,) = struct.unpack("<I", self._safe_read(4))
+        jpeg_header = self._safe_read(jpeg_header_size)
+        self._safe_read(self._blp_offsets[0] - self.fd.tell())  # What IS this?
+        data = self._safe_read(self._blp_lengths[0])
         data = jpeg_header + data
         data = BytesIO(data)
         image = JpegImageFile(data)
@@ -370,7 +373,7 @@ class BLP2Decoder(_BLPBaseDecoder):
             # Uncompressed or DirectX compression
 
             if self._blp_encoding == BLP_ENCODING_UNCOMPRESSED:
-                _data = BytesIO(self.fd.read(self._blp_lengths[0]))
+                _data = BytesIO(self._safe_read(self._blp_lengths[0]))
                 while True:
                     try:
                         (offset,) = struct.unpack("<B", _data.read(1))
@@ -384,20 +387,20 @@ class BLP2Decoder(_BLPBaseDecoder):
                     linesize = (self.size[0] + 3) // 4 * 8
                     for yb in range((self.size[1] + 3) // 4):
                         for d in decode_dxt1(
-                            self.fd.read(linesize), alpha=bool(self._blp_alpha_depth)
+                            self._safe_read(linesize), alpha=bool(self._blp_alpha_depth)
                         ):
                             data += d
 
                 elif self._blp_alpha_encoding == BLP_ALPHA_ENCODING_DXT3:
                     linesize = (self.size[0] + 3) // 4 * 16
                     for yb in range((self.size[1] + 3) // 4):
-                        for d in decode_dxt3(self.fd.read(linesize)):
+                        for d in decode_dxt3(self._safe_read(linesize)):
                             data += d
 
                 elif self._blp_alpha_encoding == BLP_ALPHA_ENCODING_DXT5:
                     linesize = (self.size[0] + 3) // 4 * 16
                     for yb in range((self.size[1] + 3) // 4):
-                        for d in decode_dxt5(self.fd.read(linesize)):
+                        for d in decode_dxt5(self._safe_read(linesize)):
                             data += d
                 else:
                     raise BLPFormatError(
diff -rupN --no-dereference Pillow-7.2.0/src/PIL/EpsImagePlugin.py Pillow-7.2.0-new/src/PIL/EpsImagePlugin.py
--- Pillow-7.2.0/src/PIL/EpsImagePlugin.py	2020-06-30 09:50:35.000000000 +0200
+++ Pillow-7.2.0-new/src/PIL/EpsImagePlugin.py	2021-07-24 22:47:24.163289691 +0200
@@ -170,12 +170,12 @@ class PSFile:
         self.fp.seek(offset, whence)
 
     def readline(self):
-        s = self.char or b""
+        s = [self.char or b""]
         self.char = None
 
         c = self.fp.read(1)
-        while c not in b"\r\n":
-            s = s + c
+        while (c not in b"\r\n") and len(c):
+            s.append(c)
             c = self.fp.read(1)
 
         self.char = self.fp.read(1)
@@ -183,7 +183,7 @@ class PSFile:
         if self.char in b"\r\n":
             self.char = None
 
-        return s.decode("latin-1")
+        return b"".join(s).decode("latin-1")
 
 
 def _accept(prefix):
diff -rupN --no-dereference Pillow-7.2.0/src/PIL/ImageFile.py Pillow-7.2.0-new/src/PIL/ImageFile.py
--- Pillow-7.2.0/src/PIL/ImageFile.py	2020-06-30 09:50:35.000000000 +0200
+++ Pillow-7.2.0-new/src/PIL/ImageFile.py	2021-07-24 22:47:24.164289769 +0200
@@ -551,12 +551,18 @@ def _safe_read(fp, size):
 
     :param fp: File handle.  Must implement a <b>read</b> method.
     :param size: Number of bytes to read.
-    :returns: A string containing up to <i>size</i> bytes of data.
+    :returns: A string containing <i>size</i> bytes of data.
+
+    Raises an OSError if the file is truncated and the read cannot be completed
+
     """
     if size <= 0:
         return b""
     if size <= SAFEBLOCK:
-        return fp.read(size)
+        data = fp.read(size)
+        if len(data) < size:
+            raise OSError("Truncated File Read")
+        return data
     data = []
     while size > 0:
         block = fp.read(min(size, SAFEBLOCK))
@@ -564,6 +570,8 @@ def _safe_read(fp, size):
             break
         data.append(block)
         size -= len(block)
+    if sum(len(d) for d in data) < size:
+        raise OSError("Truncated File Read")
     return b"".join(data)
 
 
diff -rupN --no-dereference Pillow-7.2.0/src/PIL/ImageFont.py Pillow-7.2.0-new/src/PIL/ImageFont.py
--- Pillow-7.2.0/src/PIL/ImageFont.py	2020-06-30 09:50:35.000000000 +0200
+++ Pillow-7.2.0-new/src/PIL/ImageFont.py	2021-07-24 22:47:24.165289848 +0200
@@ -472,6 +472,7 @@ class FreeTypeFont:
             text, mode == "1", direction, features, language
         )
         size = size[0] + stroke_width * 2, size[1] + stroke_width * 2
+        Image._decompression_bomb_check(size)
         im = fill("L", size, 0)
         self.font.render(
             text, im.id, mode == "1", direction, features, language, stroke_width
diff -rupN --no-dereference Pillow-7.2.0/src/PIL/PsdImagePlugin.py Pillow-7.2.0-new/src/PIL/PsdImagePlugin.py
--- Pillow-7.2.0/src/PIL/PsdImagePlugin.py	2020-06-30 09:50:35.000000000 +0200
+++ Pillow-7.2.0-new/src/PIL/PsdImagePlugin.py	2021-07-24 22:47:24.165289848 +0200
@@ -117,7 +117,8 @@ class PsdImageFile(ImageFile.ImageFile):
             end = self.fp.tell() + size
             size = i32(read(4))
             if size:
-                self.layers = _layerinfo(self.fp)
+                _layer_data = io.BytesIO(ImageFile._safe_read(self.fp, size))
+                self.layers = _layerinfo(_layer_data, size)
             self.fp.seek(end)
         self.n_frames = len(self.layers)
         self.is_animated = self.n_frames > 1
@@ -169,11 +170,20 @@ class PsdImageFile(ImageFile.ImageFile):
             self.__fp = None
 
 
-def _layerinfo(file):
+def _layerinfo(fp, ct_bytes):
     # read layerinfo block
     layers = []
-    read = file.read
-    for i in range(abs(i16(read(2)))):
+
+    def read(size):
+        return ImageFile._safe_read(fp, size)
+
+    ct = i16(read(2))
+
+    # sanity check
+    if ct_bytes < (abs(ct) * 20):
+        raise SyntaxError("Layer block too short for number of layers requested")
+
+    for i in range(abs(ct)):
 
         # bounding box
         y0 = i32(read(4))
@@ -184,7 +194,8 @@ def _layerinfo(file):
         # image info
         info = []
         mode = []
-        types = list(range(i16(read(2))))
+        ct_types = i16(read(2))
+        types = list(range(ct_types))
         if len(types) > 4:
             continue
 
@@ -217,16 +228,16 @@ def _layerinfo(file):
         size = i32(read(4))  # length of the extra data field
         combined = 0
         if size:
-            data_end = file.tell() + size
+            data_end = fp.tell() + size
 
             length = i32(read(4))
             if length:
-                file.seek(length - 16, io.SEEK_CUR)
+                fp.seek(length - 16, io.SEEK_CUR)
             combined += length + 4
 
             length = i32(read(4))
             if length:
-                file.seek(length, io.SEEK_CUR)
+                fp.seek(length, io.SEEK_CUR)
             combined += length + 4
 
             length = i8(read(1))
@@ -236,7 +247,7 @@ def _layerinfo(file):
                 name = read(length).decode("latin-1", "replace")
             combined += length + 1
 
-            file.seek(data_end)
+            fp.seek(data_end)
         layers.append((name, mode, (x0, y0, x1, y1)))
 
     # get tiles
@@ -244,7 +255,7 @@ def _layerinfo(file):
     for name, mode, bbox in layers:
         tile = []
         for m in mode:
-            t = _maketile(file, m, bbox, 1)
+            t = _maketile(fp, m, bbox, 1)
             if t:
                 tile.extend(t)
         layers[i] = name, mode, bbox, tile
diff -rupN --no-dereference Pillow-7.2.0/Tests/test_decompression_bomb.py Pillow-7.2.0-new/Tests/test_decompression_bomb.py
--- Pillow-7.2.0/Tests/test_decompression_bomb.py	2020-06-30 09:50:35.000000000 +0200
+++ Pillow-7.2.0-new/Tests/test_decompression_bomb.py	2021-07-24 22:47:24.165289848 +0200
@@ -51,6 +51,7 @@ class TestDecompressionBomb:
             with Image.open(TEST_FILE):
                 pass
 
+    @pytest.mark.xfail(reason="different exception")
     def test_exception_ico(self):
         with pytest.raises(Image.DecompressionBombError):
             Image.open("Tests/images/decompression_bomb.ico")
diff -rupN --no-dereference Pillow-7.2.0/Tests/test_file_apng.py Pillow-7.2.0-new/Tests/test_file_apng.py
--- Pillow-7.2.0/Tests/test_file_apng.py	2020-06-30 09:50:35.000000000 +0200
+++ Pillow-7.2.0-new/Tests/test_file_apng.py	2021-07-24 22:47:24.166289927 +0200
@@ -286,7 +286,7 @@ def test_apng_syntax_errors():
             exception = e
         assert exception is None
 
-    with pytest.raises(SyntaxError):
+    with pytest.raises(OSError):
         with Image.open("Tests/images/apng/syntax_num_frames_high.png") as im:
             im.seek(im.n_frames - 1)
             im.load()
diff -rupN --no-dereference Pillow-7.2.0/Tests/test_file_blp.py Pillow-7.2.0-new/Tests/test_file_blp.py
--- Pillow-7.2.0/Tests/test_file_blp.py	2020-06-30 09:50:35.000000000 +0200
+++ Pillow-7.2.0-new/Tests/test_file_blp.py	2021-07-24 22:47:24.166289927 +0200
@@ -1,4 +1,5 @@
 from PIL import Image
+import pytest
 
 from .helper import assert_image_equal
 
@@ -19,3 +20,21 @@ def test_load_blp2_dxt1a():
     with Image.open("Tests/images/blp/blp2_dxt1a.blp") as im:
         with Image.open("Tests/images/blp/blp2_dxt1a.png") as target:
             assert_image_equal(im, target)
+
+@pytest.mark.parametrize(
+    "test_file",
+    [
+        "Tests/images/timeout-060745d3f534ad6e4128c51d336ea5489182c69d.blp",
+        "Tests/images/timeout-31c8f86233ea728339c6e586be7af661a09b5b98.blp",
+        "Tests/images/timeout-60d8b7c8469d59fc9ffff6b3a3dc0faeae6ea8ee.blp",
+        "Tests/images/timeout-8073b430977660cdd48d96f6406ddfd4114e69c7.blp",
+        "Tests/images/timeout-bba4f2e026b5786529370e5dfe9a11b1bf991f07.blp",
+        "Tests/images/timeout-d6ec061c4afdef39d3edf6da8927240bb07fe9b7.blp",
+        "Tests/images/timeout-ef9112a065e7183fa7faa2e18929b03e44ee16bf.blp",
+    ],
+)
+def test_crashes(test_file):
+    with open(test_file, "rb") as f:
+        with Image.open(f) as im:
+            with pytest.raises(OSError):
+                im.load()
diff -rupN --no-dereference Pillow-7.2.0/Tests/test_file_eps.py Pillow-7.2.0-new/Tests/test_file_eps.py
--- Pillow-7.2.0/Tests/test_file_eps.py	2020-06-30 09:50:35.000000000 +0200
+++ Pillow-7.2.0-new/Tests/test_file_eps.py	2021-07-24 22:47:24.166289927 +0200
@@ -256,3 +256,15 @@ def test_emptyline():
     assert image.mode == "RGB"
     assert image.size == (460, 352)
     assert image.format == "EPS"
+
+
+@pytest.mark.timeout(timeout=5)
+@pytest.mark.parametrize(
+    "test_file",
+    ["Tests/images/timeout-d675703545fee17acab56e5fec644c19979175de.eps"],
+)
+def test_timeout(test_file):
+    with open(test_file, "rb") as f:
+        with pytest.raises(Image.UnidentifiedImageError):
+            with Image.open(f):
+                pass
diff -rupN --no-dereference Pillow-7.2.0/Tests/test_file_fli.py Pillow-7.2.0-new/Tests/test_file_fli.py
--- Pillow-7.2.0/Tests/test_file_fli.py	2020-06-30 09:50:35.000000000 +0200
+++ Pillow-7.2.0-new/Tests/test_file_fli.py	2021-07-24 22:47:24.166289927 +0200
@@ -123,3 +123,17 @@ def test_seek():
 
         with Image.open("Tests/images/a_fli.png") as expected:
             assert_image_equal(im, expected)
+
+@pytest.mark.parametrize(
+    "test_file",
+    [
+        "Tests/images/timeout-9139147ce93e20eb14088fe238e541443ffd64b3.fli",
+        "Tests/images/timeout-bff0a9dc7243a8e6ede2408d2ffa6a9964698b87.fli",
+    ],
+)
+@pytest.mark.timeout(timeout=3)
+def test_timeouts(test_file):
+    with open(test_file, "rb") as f:
+        with Image.open(f) as im:
+            with pytest.raises(OSError):
+                im.load()
diff -rupN --no-dereference Pillow-7.2.0/Tests/test_file_jpeg2k.py Pillow-7.2.0-new/Tests/test_file_jpeg2k.py
--- Pillow-7.2.0/Tests/test_file_jpeg2k.py	2020-06-30 09:50:35.000000000 +0200
+++ Pillow-7.2.0-new/Tests/test_file_jpeg2k.py	2021-07-24 22:47:24.167290005 +0200
@@ -233,3 +233,19 @@ def test_parser_feed():
 
     # Assert
     assert p.image.size == (640, 480)
+
+
+@pytest.mark.parametrize(
+    "test_file",
+    [
+        "Tests/images/crash-4fb027452e6988530aa5dabee76eecacb3b79f8a.j2k",
+        "Tests/images/crash-7d4c83eb92150fb8f1653a697703ae06ae7c4998.j2k",
+        "Tests/images/crash-ccca68ff40171fdae983d924e127a721cab2bd50.j2k",
+        "Tests/images/crash-d2c93af851d3ab9a19e34503626368b2ecde9c03.j2k",
+    ],
+)
+def test_crashes(test_file):
+    with open(test_file, "rb") as f:
+        with Image.open(f) as im:
+            # Valgrind should not complain here
+            im.load()
diff -rupN --no-dereference Pillow-7.2.0/Tests/test_file_psd.py Pillow-7.2.0-new/Tests/test_file_psd.py
--- Pillow-7.2.0/Tests/test_file_psd.py	2020-06-30 09:50:35.000000000 +0200
+++ Pillow-7.2.0-new/Tests/test_file_psd.py	2021-07-24 22:47:24.167290005 +0200
@@ -127,3 +127,24 @@ def test_combined_larger_than_size():
     # then the seek can't be negative
     with pytest.raises(OSError):
         Image.open("Tests/images/combined_larger_than_size.psd")
+
+@pytest.mark.parametrize(
+    "test_file,raises",
+    [
+        (
+            "Tests/images/timeout-1ee28a249896e05b83840ae8140622de8e648ba9.psd",
+            Image.UnidentifiedImageError,
+        ),
+        (
+            "Tests/images/timeout-598843abc37fc080ec36a2699ebbd44f795d3a6f.psd",
+            Image.UnidentifiedImageError,
+        ),
+        ("Tests/images/timeout-c8efc3fded6426986ba867a399791bae544f59bc.psd", OSError),
+        ("Tests/images/timeout-dedc7a4ebd856d79b4359bbcc79e8ef231ce38f6.psd", OSError),
+    ],
+)
+def test_crashes(test_file, raises):
+    with open(test_file, "rb") as f:
+        with pytest.raises(raises):
+            with Image.open(f):
+                pass
diff -rupN --no-dereference Pillow-7.2.0/Tests/test_file_tiff.py Pillow-7.2.0-new/Tests/test_file_tiff.py
--- Pillow-7.2.0/Tests/test_file_tiff.py	2020-06-30 09:50:35.000000000 +0200
+++ Pillow-7.2.0-new/Tests/test_file_tiff.py	2021-07-24 22:47:24.167290005 +0200
@@ -598,8 +598,9 @@ class TestFileTiff:
     @pytest.mark.filterwarnings("ignore:Possibly corrupt EXIF data")
     def test_string_dimension(self):
         # Assert that an error is raised if one of the dimensions is a string
-        with pytest.raises(ValueError):
-            Image.open("Tests/images/string_dimension.tiff")
+        with Image.open("Tests/images/string_dimension.tiff") as im:
+            with pytest.raises(OSError):
+                im.load()
 
 
 @pytest.mark.skipif(not is_win32(), reason="Windows only")
diff -rupN --no-dereference Pillow-7.2.0/Tests/test_imagefont.py Pillow-7.2.0-new/Tests/test_imagefont.py
--- Pillow-7.2.0/Tests/test_imagefont.py	2020-06-30 09:50:35.000000000 +0200
+++ Pillow-7.2.0-new/Tests/test_imagefont.py	2021-07-24 22:47:24.168290084 +0200
@@ -753,3 +753,15 @@ def test_render_mono_size():
 
     draw.text((10, 10), "r" * 10, "black", ttf)
     assert_image_equal_tofile(im, "Tests/images/text_mono.gif")
+
+@pytest.mark.parametrize(
+    "test_file",
+    [
+        "Tests/fonts/oom-e8e927ba6c0d38274a37c1567560eb33baf74627.ttf",
+    ],
+)
+def test_oom(test_file):
+    with open(test_file, "rb") as f:
+        font = ImageFont.truetype(BytesIO(f.read()))
+        with pytest.raises(Image.DecompressionBombError):
+            font.getmask("Test Text")