Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Large file misidentified as a decompression bomb #164

Closed
Equinox3141 opened this issue May 12, 2024 · 2 comments
Closed

Large file misidentified as a decompression bomb #164

Equinox3141 opened this issue May 12, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@Equinox3141
Copy link

There's a file in my library that can't be interacted with or shown (other than a red crossed out tag). Due to it being misinterpreted as a decompression bomb DOS attack. Warning message below.

D:\TagStudio-main.venv\Lib\site-packages\PIL\Image.py:3218: DecompressionBombWarning: Image size (108603828 pixels) exceeds limit of 89478485 pixels, could be decompression bomb DOS attack.
warnings.warn(

I was confused by this, so after some searching through the folder that I was looking at, I found that the file it was struggling with was a very large .png file that was about 20000x14000 px.
@Thesacraft
Copy link
Collaborator

Thesacraft commented May 12, 2024
edited

Hi,
This error is caused by a library and is kind of fixable:
You can suppress this error by setting Image.MAX_IMAGE_PIXELS=None
Or
IMAGE.MAX_IMAGE_PIXELS=108603829

(You can add this in thumbrenderer.py and I think it should work)
But i don't think it is a good idea to have safety precautions disabled or weakened in production code. But I'm not sure what others think about it.

Update:

Fixed the interaction, but now the thumbnail doesn't render, this is intentional, because I think we shouldn't remove the safety precaution.

@Thesacraft Thesacraft mentioned this issue May 12, 2024
Merged
@CyanVoxel CyanVoxel added the bug Something isn't working label May 13, 2024
CyanVoxel pushed a commit that referenced this issue May 13, 2024
@Thesacraft
Fix pillow decompression bomb error mentioned in #164 (#166)
6a2199d 
* Fixes DecompressionBombError

* Fixes DecompressionBombError in PreviewPanel

* Ruff reformat

* Handle all DecompressionBombErrors

* Handle all DecompressionBombErrors

* RUFF

* fix typo

Co-authored-by: Travis Abendshien <46939827+CyanVoxel@users.noreply.github.com>

* fix typo

Co-authored-by: Travis Abendshien <46939827+CyanVoxel@users.noreply.github.com>

* Ruff reformat

---------

Co-authored-by: Thesacraft <admin@samuelbellmann.de>
@CyanVoxel
Copy link
Member

Fixed in #166

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Equinox3141 @CyanVoxel @Thesacraft