From b5cd1fe0f91635b3215433835d98426471b09e57 Mon Sep 17 00:00:00 2001
From: Blake Stoddard
Date: Tue, 8 Dec 2020 14:02:54 -0500
Subject: [PATCH] Prevent pixel flooding attacks by blocking images larger than 10,000x10,000 that need to be transformed
---
 transform.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/transform.go b/transform.go
index ed772e041..120b2609e 100644
--- a/transform.go
+++ b/transform.go
@@ -16,6 +16,7 @@ package imageproxy
 
 import (
 "bytes"
+ "errors"
 "fmt"
 "image"
 _ "image/gif" // register gif format
@@ -54,6 +55,18 @@ func Transform(img []byte, opt Options) ([]byte, error) {
 return img, nil
 }
 
+ // decode image metadata
+ imageMeta, _, err := image.DecodeConfig(bytes.NewReader(img))
+ if err != nil {
+ return nil, err
+ }
+
+ // prevent pixel flooding attacks
+ // accept no larger than a 10,000 x 10,000 image
+ if imageMeta.Width*imageMeta.Height > 100000000 {
+ return nil, errors.New("image too large")
+ }
+
 // decode image
 m, format, err := image.Decode(bytes.NewReader(img))
 if err != nil {
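Review bot: The product in the new `if imageMeta.Width*imageMeta.Height > 100000000` guard is computed in `int`, which is 32 bits on 32-bit builds, so header-declared dimensions above roughly 46,000 on each side can wrap and slip past the check; widen the arithmetic, e.g. `if int64(imageMeta.Width)*int64(imageMeta.Height) > 100000000 {`, and reject non-positive dimensions while you are there. The threshold is a magic number whose meaning lives only in the comment above it; a named constant such as `const maxPixels = 100000000 // 10,000 x 10,000` keeps the value and its explanation together, and since fmt is already imported the rejection could report what was seen with `fmt.Errorf("image too large: %dx%d", imageMeta.Width, imageMeta.Height)`. DecodeConfig reads only the header, so this bounds the declared size of a single frame and not, as far as the hunk shows, the total decoded pixel count of a multi-frame GIF — worth a comment so the next maintainer does not assume full coverage. Transform's body continues outside the hunk.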