Error message when trying to post an image:

Slightly different error on mlmym interface:

Funnily enough, I seem to be able to upload these small screenshots embedded in a post just fine. The photo I’m trying to upload is less than 2 MB. Is that too large?

Any relation to these problems?

Any other info which might help diagnose the problem?

          • InEnduringGrowStrong@sh.itjust.works@sh.itjust.works
            link
            fedilink
            arrow-up
            3
            arrow-down
            1
            ·
            4 months ago

            Got it.

            Your PNG contains extra data after the PNG’s IEND marker which pict-rs probably errors on.
            Your images aren’t stored as-is, among other things, their metadata is stripped so people don’t unwittingly share their geolocation, etc.
            It rewrites the file in the process, but in this case doesn’t know what to do with the non png compliant data appended at the end.

            Here’s a fixed version of your image that uploads fine.

            Using pngcheck -vf on the original image will give you the starting hex offset (0x10fc31) of that invalid chunk of data, which can then be browsed with whatever hex editor.
            I haven’t investigated that extra data much.
            It might be part of a ‘capture the flag’ game, or not.

            The fixed image is just the first bytes of the file upto that invalid extra chunk.

            • threelonmusketeers@sh.itjust.worksOP
              link
              fedilink
              English
              arrow-up
              1
              ·
              4 months ago

              Wow, that’s some amazing digital detective work!

              I haven’t investigated that extra data much.
              It might be part of a ‘capture the flag’ game, or not.

              Huh, interesting!

              If you would indulge me, I have a few additional questions and suggestions:

              Q1: Do you know if it would be possible to implement tools to detect and discard invalid data automatically?

              metadata is stripped so people don’t unwittingly share their geolocation

              Good to know; I had wondered about how metadata was handled.

              Q2: Is metadata stripping unique to this server, or a Lemmy-wide standard?

              If I recall, the size limit is 5M.

              Q3: Is this limit set on a per-server basis, or a Lemmy-wide standard?

              Q4:Would it be possible to implement automatic compression of large images?

              Most modern phone cameras routinely take larger photos than 5MB.

              Just some off-the-cuff suggestions, and I’m not even sure whether they would be best implemented by the instance or the platform.

              Thanks for all of your help already!

              • A1: probably, although that’s more processing power. The tool I used to fix it would have outputted a second image file if the extra data had been an image, which is then a weird case to handle. (Upload both? Make 2 links?) Certainly, it could output a better error message though.

                A2: Should be lemmy-wide, although technically a malicious server could disable that somehow, which I think would only affect their local users. ie: don’t make an account on a server you don’t trust.

                A3: It is a server specific setting. It’s easy enough to change the setting. Bigger limits uses more storage which costs money

                A4: Possible, I would think. No idea if that’s ever on the devs’ roadmap. I think that would be added to the pict-rs code which is then used by the lemmy server.
                Both are open source projects, so an instance implementing this could then share the code so it’s eventually a feature for everyone.

                I’ve ran into bugs before on some public image host I don’t remember where it wouldn’t strip metadata if you uploaded an album. It’s probably a good practice to strip metadata before uploading, although much less convenient. I double-check that it still works here from time to time, doubly so after upgrading versions.