How to find a very large Image after that it has generated a Pillow DecompressionBombWarning

sauzher · November 23, 2018, 2:37pm

Hi all,
I manage a mid-sized portal (Plone4.1) with more than 250k objects and almost 100GiB of database size (70GiB of blobs).

There is someehere an object (i suppose a large PDF uploaded as Image) that generates only in the supervisord log the following error:

[...]/eggs/Pillow-3.0.0-py2.7-linux-x86_64.egg/PIL/Image.py:2215: DecompressionBombWarning: Image size (238048220 pixels) exceeds limit of 89478485 pixels, could be decompression bomb DOS attack.

DecompressionBombWarning)

The problem is that I cannot find a corresponding entry error in instance.log files to desume the object path.

I dunno why that error is fired only in supervisord log.

Any ideas on how can I efficiently reach that misstyped object?
thanks

sauzher · November 23, 2018, 4:36pm

I used this simply supervisor patch https://gist.github.com/the-c0d3r/a3913f97c207d86505a9e9dae32cb7d3 in order to log the datetime of the event.

Now I'm able to search for what page has been accessed in that time in the corresponding instance Z2.log when the event eventually repeats.

sauzher · November 28, 2018, 11:25am

The strategy luckly worked.
It was not a mistyped pdf like I thought before, but a gorgeous 238 MegaPixel image resized then in a slideshow.

Decompression bomb dos attack defused.

HTH

Netroxen · November 29, 2018, 8:22am

Kinda off-topic, but didn't know what a Decompression Bomb Warning was (other than sounding very cool). But just did some Googling and found out about 42.zip... Mind = Blown, crazy stuff...