pax/booru-viewer
1
0
Fork 0
Code Issues Releases 18 Activity

security: fix #8 — drop duplicate MAX_IMAGE_PIXELS set from cache.py

Browse Source 
The cap is now installed by core/__init__.py (previous commit), so
the line in cache.py is redundant. Removing it leaves a single
authoritative location for the security-critical PIL setting.

Audit-Ref: SECURITY_AUDIT.md finding #8
Severity: Low
This commit is contained in:
pax 2026-04-11 16:21:37 -05:00
parent 2bb6352141
commit 8f9e4f7e65
1 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
booru_viewer/core/cache.py
View File

@ -33,10 +33,8 @@ MAX_DOWNLOAD_BYTES = 500 * 1024 * 1024 # 500 MB
# regression risk of the streaming rewrite is zero. # regression risk of the streaming rewrite is zero.
STREAM_TO_DISK_THRESHOLD = 50 * 1024 * 1024 # 50 MB STREAM_TO_DISK_THRESHOLD = 50 * 1024 * 1024 # 50 MB
# Cap PIL's auto-DOS guard at 256M pixels (~1 GB raw). Default warns # PIL's MAX_IMAGE_PIXELS cap is set in core/__init__.py so any
# silently above ~89M; we want a hard fail so DecompressionBombError # `booru_viewer.core.*` import installs it first — see audit #8.
# can be caught and treated as a download failure.
Image.MAX_IMAGE_PIXELS = 256 * 1024 * 1024
# Defends `_convert_ugoira_to_gif` against zip bombs. A real ugoira is # Defends `_convert_ugoira_to_gif` against zip bombs. A real ugoira is
# typically <500 frames at 1080p; these caps comfortably allow legit # typically <500 frames at 1080p; these caps comfortably allow legit