Resource limits for RAM, dimensions, and CPU time #411
Comments
|
Since Rust doesn't run within a VM (ala Java), I don't think there's a way to set explicit memory limits, but there could be options added to limit the width and height. There is an existing CLI option, I'm reading that these attacks can also happen through excessively large iCCP chunks, zTXt chunks, and iTXt chunks, so ensuring oxipng protects against these (by default) would be a good addition as well. |
|
For anyone looking for a temporary workaround, you can use
You can set |
I use oxipng to process untrusted files from uploaded users, and we currently rely on pod level resource limits in order to protect against PNG bombs. Is it possible for there to be resource limits by oxipng itself, ala ImageMagick? I'd be happy to contribute these changes to the project, but I'm not really sure where to start looking.
The text was updated successfully, but these errors were encountered: