From d3d65e5c889fc3922efc7a8c764027763bc4764f Mon Sep 17 00:00:00 2001 From: Joachim Bauch Date: Thu, 16 Dec 2021 09:17:11 +0100 Subject: Prevent loading images that would require too much memory. For most image formats, the header specifies the width/height. PHP allocates an image object from that size, even if the actual image data is much smaller. This image object size is not limited by the limit configured in PHP. The memory limit can be configured through "config.php" setting "preview_max_memory" and defaults to 128 MBytes which should be enough for most images without filling up all memory. Signed-off-by: Joachim Bauch --- tests/lib/ImageTest.php | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'tests/lib/ImageTest.php') diff --git a/tests/lib/ImageTest.php b/tests/lib/ImageTest.php index 5b83c4ac57f..e6818c7e243 100644 --- a/tests/lib/ImageTest.php +++ b/tests/lib/ImageTest.php @@ -142,6 +142,10 @@ class ImageTest extends \Test\TestCase { ->method('getAppValue') ->with('preview', 'jpeg_quality', 90) ->willReturn(null); + $config->expects($this->once()) + ->method('getSystemValueInt') + ->with('preview_max_memory', 128) + ->willReturn(128); $img = new \OC_Image(null, null, $config); $img->loadFromFile(OC::$SERVERROOT.'/tests/data/testimage.jpg'); $raw = imagecreatefromstring(file_get_contents(OC::$SERVERROOT.'/tests/data/testimage.jpg')); @@ -363,4 +367,17 @@ class ImageTest extends \Test\TestCase { $img->save($tempFile, $mimeType); $this->assertEquals($mimeType, image_type_to_mime_type(exif_imagetype($tempFile))); } + + public function testMemoryLimitFromFile() { + $img = new \OC_Image(); + $img->loadFromFile(OC::$SERVERROOT.'/tests/data/testimage-badheader.jpg'); + $this->assertFalse($img->valid()); + } + + public function testMemoryLimitFromData() { + $data = file_get_contents(OC::$SERVERROOT.'/tests/data/testimage-badheader.jpg'); + $img = new \OC_Image(); + $img->loadFromData($data); + $this->assertFalse($img->valid()); + } } -- cgit v1.2.3