Page MenuHomePhabricator

Improve error and large file handling in thumbnailing
ClosedPublic

Authored by epriestley on Mar 14 2014, 5:11 PM.
Tags
None
Referenced Files
F14017040: D8536.id20257.diff
Mon, Nov 4, 1:51 PM
F14008951: D8536.id20257.diff
Wed, Oct 30, 8:11 AM
F14004173: D8536.id.diff
Sat, Oct 26, 4:40 PM
F14000982: D8536.id20257.diff
Fri, Oct 25, 3:00 AM
F14000516: D8536.diff
Thu, Oct 24, 10:27 PM
F13996994: D8536.id20257.diff
Thu, Oct 24, 1:34 AM
F13994373: D8536.id20248.diff
Wed, Oct 23, 5:43 AM
Unknown Object (File)
Sep 27 2024, 9:48 AM
Subscribers

Details

Reviewers
btrahan
Maniphest Tasks
Restricted Maniphest Task
T4406: Allow for 100x100 images in profile and projects
Commits
Restricted Diffusion Commit
rP6b4887ab224a: Improve error and large file handling in thumbnailing
Summary

Ref T2479, T4406. We should do a better job of (a) handling image processing errors and (b) declining to process large image files.

This fixes the worst of it, which is that users can upload huge GIFs with a large number of frames and hang a convert process for a long time, eating a CPU and a pile of memory.

This code is still pretty iffy and needs some more work. A near-term product goal for it is supporting 100x100 profile images.

Test Plan

Uploaded large and small GIFs, after setting the definition of "enormous" to be pretty small. Saw the small GIFs thumbnail into animated GIFs, and the large ones thumbnail into static images.

Diff Detail

Repository
rP Phabricator
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

epriestley retitled this revision from to Improve error and large file handling in thumbnailing.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: btrahan.

We're still vulnerable to users uploading really huge PNGs, in that we'll spend far more resources processing them than the attacker requires to upload them, but I'd like to update this code more comprehensively before trying to fix that.

btrahan edited edge metadata.
This revision is now accepted and ready to land.Mar 14 2014, 5:54 PM
epriestley updated this revision to Diff 20257.

Closed by commit rP6b4887ab224a (authored by @epriestley).