KomuSolutions/igot99issues
3
0
Issues 12 Projects 1 Wiki

Szuru doesn't allow images with more than 178956970 pixels #45

New Issue
Open
opened 2024-06-17 12:56:51 +02:00 by lukas · 0 comments
lukas commented 2024-06-17 12:56:51 +02:00
Owner
Copy Link

Some very large images are not accepted by szurubooru, as the server thinks it is an attack:

[2024-06-17 10:48:11] waitress Exception while serving /post/501
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/waitress/channel.py", line 350, in service
    task.service()
  File "/usr/lib/python3.8/site-packages/waitress/task.py", line 171, in service
    self.execute()
  File "/usr/lib/python3.8/site-packages/waitress/task.py", line 441, in execute
    app_iter = self.channel.server.application(environ, start_response)
  File "/opt/app/szurubooru/rest/app.py", line 104, in application
    response = handler(ctx, match.groupdict())
  File "/opt/app/szurubooru/api/post_api.py", line 127, in update_post
    posts.update_post_content(
  File "/opt/app/szurubooru/func/posts.py", line 646, in update_post_content
    post.signature = generate_post_signature(post, content)
  File "/opt/app/szurubooru/func/posts.py", line 551, in generate_post_signature
    unpacked_signature = image_hash.generate_signature(content)
  File "/opt/app/szurubooru/func/image_hash.py", line 229, in generate_signature
    im_array = _preprocess_image(content)
  File "/opt/app/szurubooru/func/image_hash.py", line 43, in _preprocess_image
    img = Image.open(BytesIO(content))
  File "/usr/lib/python3.8/site-packages/PIL/Image.py", line 2916, in open
    im = _open_core(fp, filename, prefix)
  File "/usr/lib/python3.8/site-packages/PIL/Image.py", line 2903, in _open_core
    _decompression_bomb_check(im.size)
  File "/usr/lib/python3.8/site-packages/PIL/Image.py", line 2826, in _decompression_bomb_check
    raise DecompressionBombError(
PIL.Image.DecompressionBombError: Image size (191410768 pixels) exceeds limit of 178956970 pixels, could be decompression bomb DOS attack.

Changing this pixel count requires a custom image, as this variable is hardcoded into the code. https://github.com/rr-/szurubooru/issues/503 and https://github.com/rr-/szurubooru/issues/662 provide solutions on this.

Some very large images are not accepted by szurubooru, as the server thinks it is an attack: ``` [2024-06-17 10:48:11] waitress Exception while serving /post/501 Traceback (most recent call last): File "/usr/lib/python3.8/site-packages/waitress/channel.py", line 350, in service task.service() File "/usr/lib/python3.8/site-packages/waitress/task.py", line 171, in service self.execute() File "/usr/lib/python3.8/site-packages/waitress/task.py", line 441, in execute app_iter = self.channel.server.application(environ, start_response) File "/opt/app/szurubooru/rest/app.py", line 104, in application response = handler(ctx, match.groupdict()) File "/opt/app/szurubooru/api/post_api.py", line 127, in update_post posts.update_post_content( File "/opt/app/szurubooru/func/posts.py", line 646, in update_post_content post.signature = generate_post_signature(post, content) File "/opt/app/szurubooru/func/posts.py", line 551, in generate_post_signature unpacked_signature = image_hash.generate_signature(content) File "/opt/app/szurubooru/func/image_hash.py", line 229, in generate_signature im_array = _preprocess_image(content) File "/opt/app/szurubooru/func/image_hash.py", line 43, in _preprocess_image img = Image.open(BytesIO(content)) File "/usr/lib/python3.8/site-packages/PIL/Image.py", line 2916, in open im = _open_core(fp, filename, prefix) File "/usr/lib/python3.8/site-packages/PIL/Image.py", line 2903, in _open_core _decompression_bomb_check(im.size) File "/usr/lib/python3.8/site-packages/PIL/Image.py", line 2826, in _decompression_bomb_check raise DecompressionBombError( PIL.Image.DecompressionBombError: Image size (191410768 pixels) exceeds limit of 178956970 pixels, could be decompression bomb DOS attack. ``` Changing this pixel count requires a custom image, as this variable is hardcoded into the code. https://github.com/rr-/szurubooru/issues/503 and https://github.com/rr-/szurubooru/issues/662 provide solutions on this.
lukas added the
Priority
Low
Kind
Bug
Status
Acknowledged
Domain
libre.moe
Service
Szuru
 labels 2024-06-17 12:56:51 +02:00
lukas self-assigned this 2024-06-17 12:56:51 +02:00
lukas added this to the Issue Board project 2024-06-17 12:56:51 +02:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
Breaking

Breaking change that won't be backward compatible

  
Domain
komu.boo

  
Domain
langrock.info

  
Domain
libre.moe

  
Involves
Documentation
Issue invovles changing the documentation

  
Involves
Security
This is security issue

  
Involves
Testing
Issue or pull request related to testing

  
Kind
Bug
Something is not working

  
Kind
Enhancement
Improve existing functionality

  
Priority
Critical
The priority is critical

  
Priority
High
The priority is high

  
Priority
Low
The priority is low

  
Priority
Medium
The priority is medium

  
Service
Drone

  
Service
Element

  
Service
Gitea

  
Service
Matrix

  
Service
Nextcloud

  
Service
Szuru

  
Status
Abandoned
Somebody has started to work on this but abandoned work

  
Status
Acknowledged
Issue has been confirmed

  
Status
Blocked
Something is blocking this issue or pull request

  
Status
Duplicate
This issue or pull request already exists

  
Status
Invalid
Invalid issue

  
Status
Need More Info
Feedback is required to reproduce issue or to continue work

  
Status
Won't Fix
This issue won't be fixed

No Label
Breaking
Domain
komu.boo
Domain
langrock.info
Domain
libre.moe
Involves
Documentation
Involves
Security
Involves
Testing
Kind
Bug
Kind
Enhancement
Priority
Critical
Priority
High
Priority
Low
Priority
Medium
Service
Drone
Service
Element
Service
Gitea
Service
Matrix
Service
Nextcloud
Service
Szuru
Status
Abandoned
Status
Acknowledged
Status
Blocked
Status
Duplicate
Status
Invalid
Status
Need More Info
Status
Won't Fix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Issue Board
Assignees
Clear assignees
No Assignees
lukas
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: KomuSolutions/igot99issues#45
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?