错误照片扩展导致的 Carrierwave Rmagick 分割故障
当我尝试使用 Carrierwave 和 Rmagick 将图像上传到 Heroku 上的网站时,出现分段错误。
这是错误日志输出的一部分:
ruby: jpc_dec.c:1072: jpc_dec_tiledecode: Assertion `dec->numcomps == 3' failed.
/app/.bundle/gems/ruby/1.9.1/gems/carrierwave-0.5.4/lib/carrierwave/processing/rmagick.rb:248: [BUG] Segmentation fault
ruby 1.9.2p180 (2011-02-18 revision 30909) [x86_64-linux]
经过调查,出现分段错误是因为我尝试上传扩展名为 .jpg 的 JPEG2000 文件,而不是正确的 .jp2 扩展名。
这是 Rmagick 的错误吗?
更重要的是,是否可以防止我的网站的用户通过发送带有错误扩展名的图像来触发此分段错误?
谢谢!
I got a segmentation fault when I attempted to upload an image to my site on Heroku using Carrierwave with Rmagick.
This is part of the error log output:
ruby: jpc_dec.c:1072: jpc_dec_tiledecode: Assertion `dec->numcomps == 3' failed.
/app/.bundle/gems/ruby/1.9.1/gems/carrierwave-0.5.4/lib/carrierwave/processing/rmagick.rb:248: [BUG] Segmentation fault
ruby 1.9.2p180 (2011-02-18 revision 30909) [x86_64-linux]
After investigation, the segmentation fault occurs because I attempted to upload a JPEG2000 file with a .jpg extension instead of the correct .jp2 extension.
Is this a bug with Rmagick?
More importantly, is it possible to prevent the users of my site from triggering this segmentation fault by sending an image with the wrong extension?
Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我怀疑这将是它唯一的错误。
您可以使用其他工具(例如“文件”)来验证文件格式。
此外,您还应该考虑一种在 ruby 崩溃时可以恢复的方法。
您可以在后台运行一个额外的进程。但你应该确保
您有额外的检查,以便当有人试图反复破坏您的软件时您可以做出响应。否则你很容易成为拒绝服务的目标。
I doubt this will be its only error.
You could use another tool, like 'file' to verify the file format.
Also you should think about a way that makes it possible to recover if ruby crashes.
You could just run an extra process in the background. But you should make sure that
you have extra checks in place so that you can respond when someone tries to repeatedly crash your software. Otherwise you're an easy denial of service target.