From 5c3db10f7a9cafd9b2d145a40864a445b2ee6edc Mon Sep 17 00:00:00 2001
From: Eric Soroos
Date: Thu, 25 Jan 2024 13:23:56 +0100
Subject: [PATCH] Don't allow __ or builtins in env dictionarys for ImageMath.eval
---
 Tests/test_imagemath.py | 5 +++++
 src/PIL/ImageMath.py | 5 +++++
 2 files changed, 10 insertions(+)
diff --git a/Tests/test_imagemath.py b/Tests/test_imagemath.py
index d3b7ba3..2467078 100644
--- a/Tests/test_imagemath.py
+++ b/Tests/test_imagemath.py
@@ -63,6 +63,11 @@ class TestImageMath(PillowTestCase):
 self.assertRaises(ValueError, ImageMath.eval("(lambda: exec('pass'))()"))
 self.assertRaises(ValueError, ImageMath.eval("(lambda: (lambda: exec('pass'))())()"))
+ def test_prevent_double_underscores(self):
+ self.assertRaises(ValueError, ImageMath.eval("1", {"__": None}))
+
+ def test_prevent_builtins(self):
+ self.assertRaises(ValueError, ImageMath.eval("(lambda: exec('exit()'))()", {"exec": None}))
 def test_logical(self):
 self.assertEqual(pixel(ImageMath.eval("not A", images)), 0)
diff --git a/src/PIL/ImageMath.py b/src/PIL/ImageMath.py
index 13839e4..94108cf 100644
--- a/src/PIL/ImageMath.py
+++ b/src/PIL/ImageMath.py
@@ -257,6 +257,11 @@ def eval(expression, _dict={}, **kw):
 # build execution namespace
 args = ops.copy()
+ for k in list(_dict.keys()) + list(kw.keys()):
+ if "__" in k or hasattr(builtins, k):
+ msg = f"'{k}' not allowed"
+ raise ValueError(msg)
+
 args.update(_dict)
 args.update(kw)
 for k, v in list(args.items()):
--
2.43.0
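Review bot: Both new tests call `ImageMath.eval(...)` eagerly inside the `assertRaises` argument list, so the ValueError is raised while the arguments are being built and the test method errors out rather than asserting anything (the two existing context lines above them have the same shape, so the new tests copy a pre-existing mistake). Pass the callable and its arguments separately, `self.assertRaises(ValueError, ImageMath.eval, "1", {"__": None})` and `self.assertRaises(ValueError, ImageMath.eval, "(lambda: exec('exit()'))()", {"exec": None})`, or use the `with self.assertRaises(ValueError):` form so the call happens under the guard. A third case passing the forbidden name as a keyword, e.g. `ImageMath.eval, "1", exec=None`, would also cover the `**kw` path the implementation checks. The enclosing TestImageMath class starts outside the hunk.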
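Review bot: The new guard in eval has no comment saying what it defends against, and `hasattr(builtins, k)` also rejects any key that merely shares a name with a builtin, which changes behavior for callers who previously passed such names through `_dict` or `**kw` (if the operator table `ops` defines entries like `abs`, `min` or `max` — it is not visible here — overriding them by keyword is now an error, and that should be documented on eval). I would add above the loop: `# Reject caller-supplied names that could reach dunder attributes or shadow a builtin: the namespace assembled here is presumably what the expression is evaluated against, so a caller-controlled key is an injection path the expression scan cannot see.` The check `"__" in k` assumes every key is a `str`; a non-string key in `_dict` raises TypeError here instead of the ValueError the tests expect, so `if not isinstance(k, str) or "__" in k or hasattr(builtins, k):` would fail consistently. The loop header can be written as `for k in (*_dict, *kw):`; the rest of eval's body lies outside the hunk, including whether `builtins` is imported at module level.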