Prevent truncated downloads from triggering persistent imagecreatefrompng() errors

Created on 20 February 2020, over 4 years ago
Updated 29 June 2023, 12 months ago

If the download connection closes unexpectedly, then we have a valid 200 response with no error (and hence stage_file_proxy is happy with the $result object); but we're left with a truncated image file, and every attempt at styling that image triggers a cluster of errors from the GD library:

Warning: imagecreatefrompng(): gd-png: fatal libpng error: Read Error: truncated data in imagecreatefrompng() (line 256 of /var/www/modules/system/image.gd.inc).

Warning: imagecreatefrompng(): gd-png error: setjmp returns error condition 3 in imagecreatefrompng() (line 256 of /var/www/modules/system/image.gd.inc).

Warning: imagecreatefrompng(): 'public://FOO.png' is not a valid PNG file in imagecreatefrompng() (line 256 of /var/www/modules/system/image.gd.inc).

This is exacerbated by the fact that, once this incomplete file exists on the file system, no further download is attempted, and so Drupal attempts and fails to style it every single time, until the bad local file is deleted manually.

(Assuming here that the stage_file_proxy_use_imagecache_root behaviour is being used.)

The pngcheck program can be used to detect bad PNG files:

$ find sites/default/files/ -name "*.png" -print0 | xargs -0r pngcheck | sed -n '/^ERROR: /s///p'

I believe we can detect this kind of failure within stage_file_proxy by comparing strlen($result->data) with (int) $result->headers['content-length']. If they are not a match, then treat it as an error.

It also seems reasonable to re-try the request in this scenario, up to some configured maximum number of attempts.

πŸ› Bug report
Status

Closed: outdated

Version

1.0

Component

Code

Created by

πŸ‡³πŸ‡ΏNew Zealand jweowu

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • πŸ‡ΊπŸ‡ΈUnited States smustgrave

    As there hasn't been movement on this in years going to close out as D7 support is being dropped. Will keep an eye out for security issues but active support is a no go.

Production build 0.69.0 2024