When someone uploaded a 200 megapixel PNG of a fractal to de, it caused the hard drives on 4 Apache servers to fill up, and caused the site to slow down. The action was not malicious; I hate to think what might have happened if someone tried to actively exploit it.
I've now limited the thumbnailing code to only attempt to thumbnail images less than 12.5 megapixels, or about 3500x3500. The problem is that in ImageMagick's scaling code, the entire image needs to be decompressed and stored in RAM. For a 200 megapixel image, that means 800 megabytes of working space.
The standard JPEG library has the ability to decompress directly to a thumbnail. ImageMagick uses this feature. So I haven't restricted JPEG sizes in any way. You'll still be able to upload large PNGs and link to them with [[media:]] links.
There are probably still a few DoS avenues in the image handling code, if anyone's really keen to crash the site. This change should at least take care of the accidental problems.
In case anyone is looking for a fun project, it is theoretically possible to make small thumbnails of large PNGs with very little working memory, using libpng's low-level interface. Bicubic interpolation only needs 4 rows, so non-progressive PNGs could be thumbnailed in a single pass with 4 rows of working memory. Progressive PNGs could be thumbnailed using the first few passes.
-- Tim Starling
wikitech-l@lists.wikimedia.org
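
Added example, not part of the original message and not MediaWiki's code: a pre-flight check that reads only the PNG signature and IHDR chunk, so an oversized image is refused before any scaler decompresses it. The function names are hypothetical, the 4 bytes per pixel figure is inferred from the post's 200 megapixel / 800 megabyte numbers, and the sample headers are constructed.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_PIXELS = 12_500_000  # limit stated in the post (12.5 megapixels)
BYTES_PER_PIXEL = 4      # assumption from the post: 200 megapixels -> 800 megabytes


class PNGHeaderError(ValueError):
    pass


def read_ihdr(data):
    """Return (width, height, interlaced) from the first 33 bytes of a PNG."""
    if len(data) < 33 or data[:8] != PNG_SIGNATURE:
        raise PNGHeaderError("not a PNG or truncated header")
    length, ctype = struct.unpack(">I4s", data[8:16])
    if ctype != b"IHDR" or length != 13:
        raise PNGHeaderError("first chunk is not a 13-byte IHDR")
    body = data[16:29]
    (crc,) = struct.unpack(">I", data[29:33])
    if zlib.crc32(ctype + body) != crc:
        raise PNGHeaderError("IHDR CRC mismatch")
    width, height, _d, _c, _z, _f, interlace = struct.unpack(">IIBBBBB", body)
    if not (0 < width <= 0x7FFFFFFF and 0 < height <= 0x7FFFFFFF):
        raise PNGHeaderError("invalid dimensions")
    return width, height, interlace == 1


def thumbnail_decision(data):
    """Decide from the header alone whether full-decode scaling is acceptable."""
    width, height, interlaced = read_ihdr(data)
    pixels = width * height
    return {
        "pixels": pixels,
        "working_bytes": pixels * BYTES_PER_PIXEL,  # estimated decode buffer
        "interlaced": interlaced,
        "allow": pixels < MAX_PIXELS,  # "less than 12.5 megapixels"
    }


def make_header(width, height, interlace=0):
    """Build a constructed 33-byte PNG prefix (signature + IHDR) as sample input."""
    body = struct.pack(">IIBBBBB", width, height, 8, 6, 0, 0, interlace)
    crc = zlib.crc32(b"IHDR" + body)
    return PNG_SIGNATURE + struct.pack(">I4s", 13, b"IHDR") + body + struct.pack(">I", crc)


if __name__ == "__main__":
    for w, h in [(3500, 3500), (14142, 14142)]:
        print((w, h), thumbnail_decision(make_header(w, h)))
```

The check trusts nothing beyond the 33-byte prefix, so it costs the same for a 200 megapixel upload as for a small one; the interlace flag is reported because progressive and non-progressive PNGs would need different low-memory strategies.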