Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Uploading a big PNG file as an institution's logo breaks the portal #1442

Closed
herminiogg opened this issue Oct 6, 2022 · 4 comments · Fixed by #1444
Closed

Uploading a big PNG file as an institution's logo breaks the portal #1442

herminiogg opened this issue Oct 6, 2022 · 4 comments · Fixed by #1444

Comments

@herminiogg
Copy link
Contributor

I tried to upload an image (in PNG) as an institution's log bigger than 1MB and the portal crashed. The PNG was created using a SVG file which was exported with high resolution. It would be better to validate the file and/or handling the error.
@mikesname
Copy link
Contributor

Possibly related to #1198. Can I ask what the frontend error looked like?

FYI, it should validate the image size (I think 5MB is the limit), but some weird interaction between the proxy server and the Play app was causing a crash here I never managed to solve. This could be a different issue though.

I got a load of java.lang.OutOfMemoryError: Java heap space errors from the thumbnail resizer at the same time, which may also be related. Could you send me the PNG to test?

@mikesname
Copy link
Contributor

This is the still-unsolved proxy error, for reference:

image

@herminiogg
Copy link
Contributor Author

The error was a blank page. Then, I reloaded the page and I received an error message saying that the service was down (I don't really remember the wording, but it was the typical error when the portal goes down). I will send you the image by email.

@mikesname
Copy link
Contributor

Crash is caused by very high resolution PNG exhausting heap space when trying to create a thumbnail, even when the PNG is below the 5MB max image size.

Need to add a validator for some maximum resolution without loading the image into memory.

mikesname added a commit to mikesname/ehri-frontend that referenced this issue Oct 7, 2022
@mikesname
More thorough validation of uploaded profile images and logos
67b24c2 
Fixes a potential DOS when an image is uploaded that is below the
maximum file size but uses masses of memory to process.

Also extract validation logic into a separate helper
shared by user profile and repositories controller.

Fixes EHRI#1442
mikesname added a commit to mikesname/ehri-frontend that referenced this issue Oct 7, 2022
@mikesname
More thorough validation of uploaded profile images and logos
cabfe1c 
Fixes a potential DOS when an image is uploaded that is below the
maximum file size but uses masses of memory to process.

Also extract validation logic into a separate helper
shared by user profile and repositories controller. Additionally,
allows removing a profile image by leaving the image field
empty in the upload form, which previously wasn't possible.

Fixes EHRI#1442
@mikesname mikesname mentioned this issue Oct 7, 2022
Merged
mikesname added a commit that referenced this issue Oct 7, 2022
@mikesname
More thorough validation of uploaded profile images and logos
c3dc5c5 
Fixes a potential DOS when an image is uploaded that is below the
maximum file size but uses masses of memory to process.

Also extract validation logic into a separate helper
shared by user profile and repositories controller. Additionally,
allows removing a profile image by leaving the image field
empty in the upload form, which previously wasn't possible.

Fixes #1442
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

More thorough validation of uploaded profile images and logos mikesname/ehri-frontend
2 participants
@mikesname @herminiogg