szurubooru icon indicating copy to clipboard operation
szurubooru copied to clipboard

Published 20 hours ago verified publisher icon rr-

Allow configuring PIL image size limit

Open a99984b1799 opened this issue 9 months ago • 0 comments

Rehash of #503. Currently uploading very large images can cause the following error:

PIL.Image.DecompressionBombError: Image size (180000000 pixels) exceeds limit of 178956970 pixels, could be decompression bomb DOS attack.
    raise DecompressionBombError(
  File "/usr/lib/python3.8/site-packages/PIL/Image.py", line 2826, in _decompression_bomb_check
    _decompression_bomb_check(im.size)
  File "/usr/lib/python3.8/site-packages/PIL/Image.py", line 2903, in _open_core
    im = _open_core(fp, filename, prefix)
  File "/usr/lib/python3.8/site-packages/PIL/Image.py", line 2916, in open
    img = Image.open(BytesIO(content))
  File "/opt/app/szurubooru/func/image_hash.py", line 43, in _preprocess_image
    im_array = _preprocess_image(content)
  File "/opt/app/szurubooru/func/image_hash.py", line 229, in generate_signature
    query_signature = image_hash.generate_signature(image_content)
  File "/opt/app/szurubooru/func/posts.py", line 931, in search_by_image
    lookalikes = posts.search_by_image(content)
  File "/opt/app/szurubooru/api/post_api.py", line 295, in get_posts_by_image
    response = handler(ctx, match.groupdict())
  File "/opt/app/szurubooru/rest/app.py", line 104, in application
    app_iter = self.channel.server.application(environ, start_response)
  File "/usr/lib/python3.8/site-packages/waitress/task.py", line 441, in execute
    self.execute()
  File "/usr/lib/python3.8/site-packages/waitress/task.py", line 171, in service
    task.service()
  File "/usr/lib/python3.8/site-packages/waitress/channel.py", line 350, in service
Traceback (most recent call last):
[2024-05-19 08:27:38] waitress Exception while serving /posts/reverse-search
[2024-05-19 08:27:38] szurubooru.middleware.request_logger POST /posts/reverse-search (user=redacted, queries=1)

This can be resolved by adding a configuration option to change the PIL constant PIL.Image.MAX_IMAGE_PIXELS.

I'm not sure if the FFMPEG limitation noted in #503 still applies, but I think the option should be exposed either way.

a99984b1799 avatar May 19 '24 08:05 a99984b1799