Last modified: 2012-08-23 19:33:57 UTC
i thought mediawiki was performing validations on uploaded images due to scripting related issues with IE. however http://upload.wikimedia.org/wikipedia/commons/archive/d/df/20041231015421%21Warminsko-mazurskie_flaga.png is definately broken (it wouldn't scale in wikipedia and it crashes paint shop pro 4) how did the validator for png pass this?
The file passes PHP's getimagesize() function and the 'file' command identifies it as: 20041231015421!Warminsko-mazurskie_flaga.png: PNG image data, 350 x 178, 8-bit/color RGB, interlaced It likely is corrupted (Mac OS X's Preview.app refuses to load it as well) but it has an intact header, and gqview and Gimp are able to extract a complete image from it (presumably both using libpng), with an error message noting that there may be corruption: Gimp: "Error while reading '/home/brion/20041231015421!Warminsko-mazurskie_flaga.png'. File corrupted?" GQView "libpng error: Too many IDAT's found". ClamAV does not detect it as a known "virus"-type image. You should file a bug report with the makers of Paint Shop Pro that their software crashes on malformed input instead of failing gracefully.
well the version of paint shop pro i use is extremely old (it does what i wan't so im not splashing out to upgrade). so i can't really file a bug report with them. also whilst i don't belive this particular file is malicious the better the checking applied to uploads the less chance we will get bitten by an infected image in future.
i was writing a program to generate pngs and i ran into theese same symptoms psp crashing imagemagick giving a (fairly useless) error and other things reading them fine. with my program i found the issue was caused by garbage after the end of the compressed data inside the data chunk though i have no way to check if this is the case for the image presented here. imo its probablly worth attempting a rescale at upload time using imagemagick on the grounds that we wan't to be able to rescale all images.
(In reply to comment #1) > You should file a bug report with the makers of Paint Shop Pro that their > software crashes on malformed input instead of failing > gracefully. Invalid, upstream? Anyway this bug is too old and generic to be useful, MediaWiki does perform validation as far as I can see.
> Invalid, upstream? Anyway this bug is too old and generic to be useful, > MediaWiki does perform validation as far as I can see. Well both, we shouldn't accept invalid files by any stretch of the imagination. Some of our checks are better than others. Lots of our checks are superficial, but I think there is other bugs covering that.
