Limit length of read operation

radarhere · radarhere · commit 485d9884cf7a · 2025-09-02T21:24:57.000+10:00
diff --git a/Tests/test_imagefont.py b/Tests/test_imagefont.py
@@ -492,6 +492,11 @@ def test_stroke_mask() -> None:
     assert mask.getpixel((42, 5)) == 255
 
 
+def test_load_invalid_file() -> None:
+    with pytest.raises(SyntaxError, match="Not a PILfont file"):
+        ImageFont.load("Tests/images/1_trns.png")
+
+
 def test_load_when_image_not_found() -> None:
     with tempfile.NamedTemporaryFile(delete=False) as tmp:
         pass
diff --git a/src/PIL/ImageFont.py b/src/PIL/ImageFont.py
@@ -126,7 +126,7 @@ def _load_pilfont(self, filename: str) -> None:
 
     def _load_pilfont_data(self, file: IO[bytes], image: Image.Image) -> None:
         # read PILfont header
-        if file.readline() != b"PILfont\n":
+        if file.read(8) != b"PILfont\n":
             msg = "Not a PILfont file"
             raise SyntaxError(msg)
         file.readline()
