-
-
Notifications
You must be signed in to change notification settings - Fork 653
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
vips thumbnail
always fails on warnings [8.13.x]
#2973
Comments
Hi @kstanikviacbs, Ooof that's annoying, I thought we'd fixed this. I agree, it's not working properly, I see:
I'll have a look. |
Thanks, I really appreciate the quick reaction. |
Ah it's the thumbnail fail-on, as you guessed. You now need to set
|
The thing is that no matter which |
It's working for me. With this test JPG: I see:
And it writes: Could you share your test image? |
I started wondering if this has something to do with some changes introduced in handling Huffman code errors which is the case for this one from above. Perhaps it might be related to libjpeg instead, right? |
With your file I see:
So there's an error in the header, not in the pixel data. Without a header, there's not much libvips can do. I wonder how firefox is displaying it? I suppose they have some extra code to fix up corrupt huffman codes. |
Interesting fact is that exactly the same image works with 8.12.x. |
Ok, there's one thing that's different, 8.12.2 treats it like a warning:
|
Ah, it's this change: https://github.com/libvips/libvips/blob/master/libvips/foreign/jpeg2vips.c#L332-L333 ie. more than 100 warnings counts as an error. This change was needed to prevent a class of denial-of-service attack: you can make jpg decodes extremely slow (as in many, many minutes) by deliberately making a file which will trigger 10000s of warnings. |
Here's the issue: #2749 |
Ach, gotcha, thanks for clarification. Well, I'm afraid I need to adjust that parameter for my use case, it's not exposed to API in any way right? The only way to go for me would be to change it on my side and build from sources, correct? |
Other loaders have an But yes, until we add it, you'll have to patch the sources yourself. |
Understood, thanks for all your support, this is really helpful. Would be great to have such option there as well at some point in the future. For the time being - I would discuss options with the team and potentially patch the sources by myself. |
To disable DoS limits for JPEG loading. Adding API on a stable branch is bad, but this fixes a regression, so I think it's necessary, unfortunately. See #2973
I had a few minutes, so I added |
(and thanks for reporting this issue!) |
Based on my findings it seems like calling
vips thumbnail
with 8.13.x with images causing vips warnings leads to vips failing and stopping. This was not the case before (8.12.x). Also - passingfail-on
parameter to overwrite the default one: (none
) has no effect.Could it be considered a bug introduced somehow by that change: f06c9f3 or control over failing logic has changed in another way and I've missed that?
The text was updated successfully, but these errors were encountered: