Imagine a zip bomb, but in PNG flavour.
When doing any kind of image manipulation in gd it's almost inevitable that at some point the image is held entirely in memory in decompressed form via imagecreatefromjpeg and friends even for simple operations like resizing.
getimagesize only extracts info from the metadata which can be unreliable.
What tools do we have to protect ourselves from such kinds of abuse, for example in the case of scaling down an image to create a thumbnail?
I thought about:
Making the server only accept uncompressed BMP or TIFF images and setting mere upload size limitations, with a client-side javascript that would convert jpg and png files to bmp before sending. Very bad for performance in general.
Actively reducing the available memory for the script in charge of doing the manipulation so that it would fail with an out-of-memory error if the image turns out to be too large (like 16 MB max memory). Bad on a whole new level of bad.
Do imagescale and similar functions need the original image to exist in memory decompressed?
Any other tips?
Related
I have a basic php script to dynamically resize images on my (virtual shared) server using GD and serve them up as required.
Unfortunately, following the purchase of a better camera with more megapixels, the script falls over due to lack of memory (my hosting allocates ~50m and an uncompressed 20Mpix image is over that limit).
Note that uncompressed means any image file that is loaded with one of:
imageCreateFromGif($filepath);
imageCreateFromJpeg($filepath);
imageCreateFromPng($filepath);
imageCreateFromBmp($filepath);
As these convert the file into the full-resolution raw image data in full 8-bit-per-pixel plus alpha in memory for further processing.
I can detect the image is oversize using getimagesize() and gracefully refuse to load it, but it would be nice to be able to handle these larger images without busting the RAM limit.
Is there anything I can do to solve this?
The server is a cheap shared commercial hosting package so I can't do anything about the restrictions on RAM or change the PHP runtime config or things like that.
On my website, I create images at 69% quality with the image GD library. It attaches the following meta-tag into each image I create:
"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 69"
Because my website has several hundred thousand JPEG images, people would be downloading at least 30MB of nonsense just to see every pic.
I want to somehow successfully erase this metatag and all other unnecessary junk in the JPEG files without resorting to any more libraries. Even some binary solution would be good if I can find one.
I'm creating a personal website but I'm using a free web hosting it has 2gb disk usage for free...how do i make the pictures save in the host disk less the actual size of the picture if the picture has a big resolution in order to save disk space for future use?
The only way to reduce the size of an image is to compress it or resize it.
If you look at popular websites, their full screen background images are fairly small in size. Most of the time compressing an image will not be noticeable to the average user.
As a rule of thumb, large images on a website should be 200kb or less.
I'm looking for PHP class which will take an audio file and them return an image file of the waveform - similar effect can be seen here http://soundcloud.com/rollin-fire-cru/sets/house-house-house-house/
It should run on a linux server and accept the following audio file formats: mp3, mp4, aac, wav
I found an example class, but it does a very basic job
http://phpclasses.ca/package/482-PHP-Extracts-attributes-of-audio-files-Visualization.html
Any help will be highly appreciated!
All sane sites does this as a background job, preferably in a faster language (e.g.: C++).
You have to decode all the formats to raw audio (wav), then create an image from that. Preferably on the fly meaning as soon as you decode a chunk of audio you draw the image for that chunk. Most codecs compress the data to 5-20% of the original size, so if you have a 10M file you suddenly have 50-200M of raw data... and if you have a 100M DJ mix.. well.. you get the point.
After the background process finished, you can simply serve the generated image with your favorite web-server.
Although it's possible to do all of this in PHP I wouldn't recommend it.
If i send bitmap data from Flash AS3, to PHP and then PHP turns the bitmap data into a image file and saves on server... Would it take too much resources?
I mean, The Bitmap Data could contain too much pixels etc does that affect the resources?
If 10-100 people send data simultaneously is it going to cause problems...
What kind of specs are you looking for to do this thing?
This is impossible to answer without knowing your server specs and the kind of application you're building.
But before it even comes to that - I don't speak AS3, but surely Flash can do the conversion into an image file by itself? That would put the load on the client machine, which can deal with it easily. Sending the finished file to a PHP process is a much less resource-consuming task.
It's 100kb in compressed as jpg but when it comes to bmp it could make for a 1024x768 image, 2MB . That is the default download limit for generic php installation. To process on the image it takes nearly same amount of memory.
In conclusion, It wont be a problem
You can do the encoding in Flash. This article should show you how to do it
http://henryjones.us/articles/using-the-as3-jpeg-encoder