Input is just few bytes. Is it OK for such a small input to take so much time and memory? Looks like a zip bomb. I.e. I can force your server to spend arbitrary amount of CPU by sending just few bytes. Or it is OK for this format because of compression (e.g. you encode a huge black image)?