Issue with DecompressionBombWarning with high pixel images #1425
Assignees
Comments
|
See also #1330. |
vinitkumar
added a commit
that referenced
this issue
Sep 24, 2023
Filer allowed for the images for very high pixels (height * width) to be
uploaded. This would cause crash and failures when the high pixels
exceeded what is allowed by Pillow Image MAX_IMAGE_PIXELS value.
This is an issue because even though the image is possible to be created
and attached to the page, it would never work as PIL always fails to
thumbnails such high pixel image and crashes causing crash and high
memory usages in such pages.
This patch, fixes this issues in the bud as it wouldn't allow such files
to be uploaded via FILER itself. It also allows to set a lower limit
FILER_MAX_IMAGE_PIXELS so that users can limit the max pixels to value
much lower than what PIL support.
- Github Issue
- #1425
- #1330
Authored-by: Vinit Kumar <[email protected]>
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Filer allows for images to be uploaded to the storages. There is a setting where we can limit the size of the image. However, there is no way to prevent
DecompressionBombWarningthat can happen when you have added a high pixel image which Pillow can't handle.In that case you end up with errors like this
I believe, we should make use of the check for max allowed Pixel from Pillow and give a validation error before uploading such images as I have experience downtime in website because filer allowed such high pixel images to be uploaded and then crash the page as pillow can't handle it. Even the filers own thumb-nailing won't succeed because of this issue as it can' handle such files. I believe it is a real issue and filer is the correct place to solve this.
The text was updated successfully, but these errors were encountered: