From cebac86ecdd4fb5220225b5625d3b6132dbe7a68 Mon Sep 17 00:00:00 2001
From: Joachim Bauch
Date: Thu, 16 Dec 2021 09:17:11 +0100
Subject: Prevent loading images that would require too much memory. For most image formats, the header specifies the width/height. PHP allocates an image object from that size, even if the actual image data is much smaller. This image object size is not limited by the limit configured in PHP. The memory limit can be configured through "config.php" setting "preview_max_memory" and defaults to 128 MBytes which should be enough for most images without filling up all memory.
Signed-off-by: Joachim Bauch
---
 tests/data/testimage-badheader.jpg | Bin 0 -> 103 bytes
 tests/lib/ImageTest.php | 17 +++++++++++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 tests/data/testimage-badheader.jpg
(limited to 'tests')
diff --git a/tests/data/testimage-badheader.jpg b/tests/data/testimage-badheader.jpg
new file mode 100644
index 00000000000..b876804eb4e
Binary files /dev/null and b/tests/data/testimage-badheader.jpg differ
diff --git a/tests/lib/ImageTest.php b/tests/lib/ImageTest.php
index 5b83c4ac57f..e6818c7e243 100644
--- a/tests/lib/ImageTest.php
+++ b/tests/lib/ImageTest.php
@@ -142,6 +142,10 @@ class ImageTest extends \Test\TestCase {
 ->method('getAppValue')
 ->with('preview', 'jpeg_quality', 90)
 ->willReturn(null);
+ $config->expects($this->once())
+ ->method('getSystemValueInt')
+ ->with('preview_max_memory', 128)
+ ->willReturn(128);
 $img = new \OC_Image(null, null, $config);
 $img->loadFromFile(OC::$SERVERROOT.'/tests/data/testimage.jpg');
 $raw = imagecreatefromstring(file_get_contents(OC::$SERVERROOT.'/tests/data/testimage.jpg'));
@@ -363,4 +367,17 @@ class ImageTest extends \Test\TestCase {
 $img->save($tempFile, $mimeType);
 $this->assertEquals($mimeType, image_type_to_mime_type(exif_imagetype($tempFile)));
 }
+
+ public function testMemoryLimitFromFile() {
+ $img = new \OC_Image();
+ $img->loadFromFile(OC::$SERVERROOT.'/tests/data/testimage-badheader.jpg');
+ $this->assertFalse($img->valid());
+ }
+
+ public function testMemoryLimitFromData() {
+ $data = file_get_contents(OC::$SERVERROOT.'/tests/data/testimage-badheader.jpg');
+ $img = new \OC_Image();
+ $img->loadFromData($data);
+ $this->assertFalse($img->valid());
+ }
 }
-- cgit v1.2.3
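Review bot: Both new tests assert only that `$img->valid()` is false, which also holds when the fixture is missing or fails to decode for an unrelated reason, so they do not show that the header-size check is what rejected the image. In `testMemoryLimitFromData`, add `$this->assertNotFalse($data);` before `loadFromData()`. In both tests, build the image with an explicit mocked config, `new \OC_Image(null, null, $config)`, as the first hunk does, so that the mock returns a fixed `preview_max_memory` and the outcome does not depend on the test instance's own setting. A positive control that loads `testimage.jpg` under the same limit and stays valid would pin the other side of the boundary. Whether OC_Image logs the rejection is not visible in this hunk; if it does, expecting that log call would make the assertion specific to the memory guard.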