From 544d3df0576e9b2b3601f44c897f71d01bdd7a25 Mon Sep 17 00:00:00 2001 From: Alex Vandiver Date: Fri, 12 Jul 2024 03:40:46 +0000 Subject: [PATCH] thumbnail: Stop applying MAX_EMOJI_GIF_FILE_SIZE_BYTES before resizing. b14a33c65989 attempted to make the 128k limit apply _after_ resizing, but left this check, which examines the pre-resized image size. --- zerver/lib/thumbnail.py | 3 --- zerver/tests/test_thumbnail.py | 7 ------- 2 files changed, 10 deletions(-) diff --git a/zerver/lib/thumbnail.py b/zerver/lib/thumbnail.py index a465de7d52..ed9781e607 100644 --- a/zerver/lib/thumbnail.py +++ b/zerver/lib/thumbnail.py @@ -133,9 +133,6 @@ def resize_logo(image_data: bytes) -> bytes: def resize_emoji( image_data: bytes, emoji_file_name: str, size: int = DEFAULT_EMOJI_SIZE ) -> Tuple[bytes, Optional[bytes]]: - if len(image_data) > MAX_EMOJI_GIF_FILE_SIZE_BYTES: - raise BadImageError(_("Image size exceeds limit.")) - # Square brackets are used for providing options to libvips' save # operation; the extension on the filename comes from reversing # the content-type, which removes most of the attacker control of diff --git a/zerver/tests/test_thumbnail.py b/zerver/tests/test_thumbnail.py index 4cc7a3c406..7e80af056f 100644 --- a/zerver/tests/test_thumbnail.py +++ b/zerver/tests/test_thumbnail.py @@ -134,13 +134,6 @@ class EmojiTest(ZulipTestCase): with self.assertRaises(BadImageError): resize_emoji(corrupted_img_data, "corrupt.gif") - def test_resize_too_large_pre_resize(self) -> None: - """An image that is too many bytes pre-resize is an error""" - animated_large_img_data = read_test_image_file("animated_large_img.gif") - with patch("zerver.lib.thumbnail.MAX_EMOJI_GIF_FILE_SIZE_BYTES", 1024): - with self.assertRaises(BadImageError): - resize_emoji(animated_large_img_data, "animated_large_img.gif", size=50) - def test_resize_too_many_pixels(self) -> None: """An image file with too many pixels is not resized""" with patch("zerver.lib.thumbnail.IMAGE_BOMB_TOTAL_PIXELS", 100):