Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow configuring Pillow maximum image size #584

Open
wrenix opened this issue Dec 8, 2024 · 1 comment
Open

Allow configuring Pillow maximum image size #584

wrenix opened this issue Dec 8, 2024 · 1 comment

Comments

@wrenix
Copy link

wrenix commented Dec 8, 2024
edited
Loading

i have a big scan of an old graph, i like to use that without qualitylost

Change of possible max Imagesize:

[2024-12-08 18:20:29 +0000] [17] [ERROR] Error handling request /api/media/aID/thumbnail/1000?jwt=SECRET&square=false
Traceback (most recent call last):                                                                                                                                                                                                                      File "/usr/local/lib/python3.11/dist-packages/gunicorn/workers/sync.py", line 134, in handle                                                                                                                                                              self.handle_request(listener, req, client, addr) 
   File "/usr/local/lib/python3.11/dist-packages/gunicorn/workers/sync.py", line 177, in handle_request                                                                                                                                                 
     respiter = self.wsgi(environ, resp.start_response)                                                                                                                                                                                                 
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                                                                                                                                                                                                 
   File "/usr/local/lib/python3.11/dist-packages/flask/app.py", line 1536, in __call__                                                                                                                                                                  
     return self.wsgi_app(environ, start_response)                                                                                                                                                                                                      
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                                                                                                                                                                                                      
   File "/usr/local/lib/python3.11/dist-packages/flask/app.py", line 1514, in wsgi_app                                                                                                                                                                  
     response = self.handle_exception(e)                                                                                                                                                                                                                
                ^^^^^^^^^^^^^^^^^^^^^^^^                                                                                                                                                                                                                
   File "/usr/local/lib/python3.11/dist-packages/flask/app.py", line 1511, in wsgi_app                                                                                                                                                                  
     response = self.full_dispatch_request()                                                                                                                                                                                                            
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^                                                                                                                                                                                                            
   File "/usr/local/lib/python3.11/dist-packages/flask/app.py", line 919, in full_dispatch_request                                                                                                                                                      
     rv = self.handle_user_exception(e)                                                                                                                                                                                                                 
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                                                                                                                                                                                                                 
   File "/usr/local/lib/python3.11/dist-packages/flask/app.py", line 917, in full_dispatch_request                                                                                                                                                      
     rv = self.dispatch_request()                                                                                                                                                                                                                       
          ^^^^^^^^^^^^^^^^^^^^^^^                                                                                                                                                                                                                       
   File "/usr/local/lib/python3.11/dist-packages/flask/app.py", line 902, in dispatch_request                                                                                                                                                           
     return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)  # type: ignore[no-any-return]                                                                                                                                            
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                                                                                                                                                                           
   File "/usr/local/lib/python3.11/dist-packages/gramps_webapi/api/auth.py", line 44, in wrapper                                                                                                                                                        
     return func(*args, **kwargs)                                                                                                                                                                                                                       
            ^^^^^^^^^^^^^^^^^^^^^                                                                                                                                                                                                                       
   File "/usr/local/lib/python3.11/dist-packages/webargs/core.py", line 657, in wrapper                                                                                                                                                                 
     return func(*args, **kwargs)                                                                                                                                                                                                                       
            ^^^^^^^^^^^^^^^^^^^^^                                                                                                                                                                                                                       
   File "/usr/local/lib/python3.11/dist-packages/flask_caching/__init__.py", line 426, in decorated_function                                                                                                                                            
     rv = self._call_fn(f, *args, **kwargs)                                                                                                                                                                                                             
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                                                                                                                                                                                                             
   File "/usr/local/lib/python3.11/dist-packages/flask_caching/__init__.py", line 185, in _call_fn                                                                                                                                                      
     return ensure_sync(fn)(*args, **kwargs)                                                                                                                                                                                                            
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                                                                                                                                                                                                            
   File "/usr/local/lib/python3.11/dist-packages/gramps_webapi/api/__init__.py", line 416, in get_thumbnail                                                                                                                                             
     return handler.send_thumbnail(size=size, square=args["square"])                                                                                                                                                                                    
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                                                                                                                                                                                    
   File "/usr/local/lib/python3.11/dist-packages/gramps_webapi/api/file.py", line 225, in send_thumbnail                                                                                                                                                
     buffer = thumb.get_thumbnail(size=size, square=square)                                                                                                                                                                                             
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                                                                                                                                                                                             
   File "/usr/local/lib/python3.11/dist-packages/gramps_webapi/api/image.py", line 186, in get_thumbnail                                                                                                                                                
     img = self.get_image()                                                                                                                                                                                                                             
           ^^^^^^^^^^^^^^^^                                                                                                                                                                                                                             
   File "/usr/local/lib/python3.11/dist-packages/gramps_webapi/api/image.py", line 127, in get_image                                                                                                                                                    
     return Image.open(self.stream)                                                                                                                                                                                                                     
            ^^^^^^^^^^^^^^^^^^^^^^^                                                                                                                                                                                                                     
   File "/usr/lib/python3/dist-packages/PIL/Image.py", line 3268, in open                                                                                                                                                                               
     im = _open_core(fp, filename, prefix, formats)                                                                                                                                                                                                     
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                                                                                                                                                                                                     
   File "/usr/lib/python3/dist-packages/PIL/Image.py", line 3255, in _open_core                                                                                                                                                                         
     _decompression_bomb_check(im.size)
   File "/usr/lib/python3/dist-packages/PIL/Image.py", line 3164, in _decompression_bomb_check
     raise DecompressionBombError(msg)                                                                                                                                                                                                                   PIL.Image.DecompressionBombError: Image size (209000000 pixels) exceeds limit of 178956970 pixels, could be decompression bomb DOS attack.
@DavidMStraub
Copy link
Member

So, this is a feature request to allow customizing Pillow max image size?

I wouldn't mind having this if somebody contributes it - just add a new config option PILLOW_MAX_IMAGE_PIXELS which should default to PIL.Image.MAX_IMAGE_PIXELS.

@DavidMStraub DavidMStraub changed the title PIL.Image.DecompressionBombError: Image size (209000000 pixels) exceeds limit of 178956970 pixels, could b e decompression bomb DOS attack. Allow configuring Pillow maximum image size Dec 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DavidMStraub @wrenix