From ee7ee48971a32d3640b326304f46e392465987d6 Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Thu, 20 May 2021 22:57:54 +0100
Subject: [PATCH 1/3] Fix /upload 500'ing when presented a very large image

Catch DecompressionBombError and re-raise as ThumbnailErrors
---
 synapse/rest/media/v1/thumbnailer.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/synapse/rest/media/v1/thumbnailer.py b/synapse/rest/media/v1/thumbnailer.py
index 37fe582390e3..b530a98341d9 100644
--- a/synapse/rest/media/v1/thumbnailer.py
+++ b/synapse/rest/media/v1/thumbnailer.py
@@ -47,6 +47,11 @@ def __init__(self, input_path: str):
             # If an error occurs opening the image, a thumbnail won't be able to
             # be generated.
             raise ThumbnailError from e
+        except Image.DecompressionBombError as e:
+            # If an image decompression bomb error occurs opening the image,
+            # then the image exceeds the pixel limit and a thumbnail won't
+            # be able to be generated.
+            raise ThumbnailError from e
 
         self.width, self.height = self.image.size
         self.transpose_method = None

From 68a64a61c5eb9273495ff3fbf353ed38ab1b01d6 Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Thu, 20 May 2021 22:58:29 +0100
Subject: [PATCH 2/3] Set PIL's MAX_IMAGE_PIXELS to match homeserver.yaml

to get it to bomb out quicker, to load less into memory
in the case of super large images
---
 synapse/rest/media/v1/media_repository.py | 2 ++
 synapse/rest/media/v1/thumbnailer.py      | 4 ++++
 2 files changed, 6 insertions(+)

diff --git a/synapse/rest/media/v1/media_repository.py b/synapse/rest/media/v1/media_repository.py
index e8a875b90093..21c43c340c3b 100644
--- a/synapse/rest/media/v1/media_repository.py
+++ b/synapse/rest/media/v1/media_repository.py
@@ -76,6 +76,8 @@ def __init__(self, hs: "HomeServer"):
         self.max_upload_size = hs.config.max_upload_size
         self.max_image_pixels = hs.config.max_image_pixels
 
+        Thumbnailer.set_limits(self.max_image_pixels)
+
         self.primary_base_path = hs.config.media_store_path  # type: str
         self.filepaths = MediaFilePaths(self.primary_base_path)  # type: MediaFilePaths
 
diff --git a/synapse/rest/media/v1/thumbnailer.py b/synapse/rest/media/v1/thumbnailer.py
index b530a98341d9..a65e9e18022e 100644
--- a/synapse/rest/media/v1/thumbnailer.py
+++ b/synapse/rest/media/v1/thumbnailer.py
@@ -40,6 +40,10 @@ class Thumbnailer:
 
     FORMATS = {"image/jpeg": "JPEG", "image/png": "PNG"}
 
+    @staticmethod
+    def set_limits(max_image_pixels: int):
+        Image.MAX_IMAGE_PIXELS = max_image_pixels
+
     def __init__(self, input_path: str):
         try:
             self.image = Image.open(input_path)

From 0720a6ca1311ecb319c90d8da41a2debcc5fde94 Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Thu, 20 May 2021 23:29:37 +0100
Subject: [PATCH 3/3] Add changelog entry for 10029

---
 changelog.d/10029.bugfix | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/10029.bugfix

diff --git a/changelog.d/10029.bugfix b/changelog.d/10029.bugfix
new file mode 100644
index 000000000000..c214cbdaecc1
--- /dev/null
+++ b/changelog.d/10029.bugfix
@@ -0,0 +1 @@
+Fixed a bug with very high resolution image uploads throwing internal server errors.
\ No newline at end of file