When trying to upload a photo from the 4.0.0 desktop app, the photo won’t upload (and can’t be canceled by clicking X).
Steps to reproduce
Mattermost Server Version 4.8 Enterprise (no license key), Desktop Version 4.0.0, Nginx, Debian, Postgresql, Amazon S3 Storage
File Cap has been set to >50 MB (although on a related note, files above 50 MB will also be endlessly stuck uploading). Smaller files work, but not this image.
that the upload works. We’ve checked our connection and it’s not that. Alternatively - where can we adjust the accepted picture dimensions?
Error log shows this each time we try to upload the image file:
[2018/03/28 09:45:06 +07] [EROR] /api/v4/files:uploadFile code=400 rid=ncz55we7a7fxur5h4b9mddthjr uid=13mdb5adffghxka35pyy51ntbe ip=XXX.XXX.XXX.XXX File above maximum dimensions could not be uploaded: name-of-image.jpg [details: ]
Hello Amy, thanks for your reply. We’ve tried to adjust the maximum file size, which didn’t fix the problem. This seems to be a recent problem, as we were able to upload larger files in the past. Could this be related to this issue?
I checked with one of our engineers about this and they mentioned that currently our maximum image dimensions is 6048 x 4032 - would you be able to find out the dimensions of the image that you are trying to upload? If it exceeds 6048 x 4032, I can file a ticket for our engineers to investigate relaxing that limit. If it is smaller than that it might be a bug and I’ll help file a bug ticket instead.
I forwarded your feedback to our team and it sounds like there have been some changes made recently that might be able to support larger max image dimensions. The Jira ticket referenced above has been re-opened and re-triaged for further discussion.
Earlier there were security concerns that we would have to load the image into memory to generate a thumbnail/preview, and large images take up a lot of memory. It’s also possible to make an image that’s small as a file, but when we read it into memory, it has massive dimensions which is why those max dimensions were added in the first place. For example, the sample file I had been using that then was a 5MB PNG file that would take up 116GB of memory when fully read into memory.
We need some max dimensions, but we could certainly look at increasing them. One of our developers did a bunch of work recently on improving the memory usage of file uploads, so he might have a better idea of how large we should be able to go. The current max dimensions support an image that takes 36MB when read into memory, so that’s already quite large.
Any update on this?
Just tried to upload a photo taken by a 30Mpx camera (nothing special even in 2016), and got an error message the image dimensions (4480 x 6720) exceed the limits.
The related JIRA ticket mentions a security concern which is laughable. It would be nice if the users can decide for themselves if it’s acceptable or not, and have an ability to change the limits either in the settings or the config file. Hard code is not good!
From my perspective in reading this, if there is a “security concern” (which, as a cybersecurity consultant, I have honestly never heard of image dimensions being used in an attack) it seems to me that a potential fix to this issue would be to implement a feature into the Mattermost code base that would automatically reduce the dimensions of a said image that is oversize to a scaled-down dimension of acceptable size. Is there any foreseeable use of an implementation such as that in the foreseeable future?