SVG files larger than 10 MB cannot be thumbnailed
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Josve05a
	Sep 8 2015, 4:06 PM

Description

https://commons.wikimedia.org/wiki/File:Thousand_Island,_St._Lawrence_River.svg

The thumbnails error out with HTTP 500 (or 429 if the thumbnail scaler throttling has been activated) with the message

Error creating thumbnail: Error reading SVG:Error domain 1 code 1 on line 3409 column 7 of file:///tmp/svg_09ebfac0817ad425c214af8a/localcopy_4c26893f84e0-1.svg: internal error: Huge input lookup

Details

	Subject	Repo	Branch	Lines +/-
	Support scaling of huge SVGs	operations/mediawiki-config	master	+1 -1

Customize query in gerrit

Related Objects
Search...

Status	Assigned	Task
Open	None	T43371 Thumbnail/imagescaler (tracking)
Resolved	MoritzMuehlenhoff	T111815 SVG files larger than 10 MB cannot be thumbnailed
Resolved	MoritzMuehlenhoff	T112421 Update rsvg on the image scalers to 2.40.16 (to solve several SVG rendering issues)
Resolved	Krenair	T84950 Thumbnail generation should happen via the same setup in the beta cluster and in production (tracking)
Resolved	• AlexMonk-WMF	T64835 Setup a Swift cluster on beta-cluster to match production
Resolved	fgiunchedi	T123512 beta swift labs instances requirements
Resolved	• AlexMonk-WMF	T140220 "UnderflowException from ... FancyCaptcha.class.php: Ran out of captcha images" at Special:CreateAccount
Resolved	Krenair	T116816 beta cluster missing vips command needed to render tiffs and pngs, pnmtojpeg for DjVus
Resolved	fgiunchedi	T142289 Setup deployment-imagescaler host(s) in Beta Cluster
Resolved	Krenair	T142288 Consolidate, remove, and/or downsize Beta Cluster instances to help with [[wikitech:Purge_2016]]
Declined	None	T142255 Move mathoid to deployment-sca* hosts in Beta Cluster
Resolved	• mobrovac	T107309 Test Mathoid in Jessie
Resolved	Krinkle	T142152 Move apertium to deployment-sca* hosts in Beta Cluster
Resolved	KartikMistry	T107306 Package apertium (and dependencies) for Jessie
Resolved	KartikMistry	T106385 [Tracker] Move Apertium packaging to Debian
Resolved	bd808	T143065 deployment-sca0[12] puppet failure due to issues involving /srv/deployment directory
Invalid	None	T142150 Move citoid to deployment-sca* hosts in Beta Cluster
Declined	None	T107302 Package and test Zotero for Jessie
Resolved	dduvall	T138778 Upgrade mariadb in deployment-prep from Precise/MariaDB 5.5 to Jessie/MariaDB 5.10
Resolved	dduvall	T147110 Delete deployment-db1 and deployment-db2

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes

Josve05a raised the priority of this task from to Needs Triage.Sep 8 2015, 4:06 PM

Josve05a added projects: Wikimedia-SVG-rendering, Commons, Multimedia.

Josve05a subscribed.

Restricted Application added subscribers: Steinsplitter, Matanya, Aklapper. · View Herald TranscriptSep 8 2015, 4:06 PM

Josve05a renamed this task from SVG file is generating 429-error to SVG file is generating 429 and 500 errors.Sep 8 2015, 4:08 PM

Josve05a set Security to None.

Steinsplitter moved this task from Incoming to Backlog on the Commons board.Sep 8 2015, 5:19 PM

Josve05a mentioned this in T111838: Some files had disappeared from Commons after renaming.Sep 8 2015, 10:01 PM

Error creating thumbnail: Error reading SVG:Error domain 1 code 1 on line 3409 column 7 of file:///tmp/svg_09ebfac0817ad425c214af8a/localcopy_4c26893f84e0-1.svg: internal error: Huge input lookup

The SVG file is over 60 MB.

Jdforrester-WMF renamed this task from SVG file is generating 429 and 500 errors to SVG file is generating 429 and 500 errors because it is too large.Sep 10 2015, 1:15 AM

Jdforrester-WMF moved this task from Untriaged to Backlog on the Multimedia board.

Locally I can render the file (rsvg 2.26.3), but it probably depends on what version of libxml its linked against (google suggests error related to the XML_PARSE_HUGE constant [or lack thereof])

Note, its probably not because the image itself is too big, but because the embedded png images are too big (As an aside, the embedded png images also don't appear to be compressed properly, at all. If one extracted the embedded images, ran them through something like pngcrush, and then re-embedded them, it would probably reduce the file size significantly)

Looking through various things on the internet, I suspect that this would affect images that have embedded pngs (or other attributes) larger than 9.5 mb (Have not tested this theory)

In T111815#1623482, @Bawolff wrote:

Note, its probably not because the image itself is too big, but because the embedded png images are too big (As an aside, the embedded png images also don't appear to be compressed properly, at all. If one extracted the embedded images, ran them through something like pngcrush, and then re-embedded them, it would probably reduce the file size significantly)

Looking through various things on the internet, I suspect that this would affect images that have embedded pngs (or other attributes) larger than 9.5 mb (Have not tested this theory)

Looking around commons, seems to affect most images bigger than 10 mb. e.g. https://upload.wikimedia.org/wikipedia/commons/thumb/6/64/3D_image_of_Antihydrogen.svg/139px-3D_image_of_Antihydrogen.svg.png https://upload.wikimedia.org/wikipedia/commons/thumb/d/d1/2012_French_presidential_election_-_First_round_-_Majority_vote_%28Mayenne%29.svg/510px-2012_French_presidential_election_-_First_round_-_Majority_vote_%28Mayenne%29.svg.png

There are about 9007 images bigger then this, which are probably affected

I just read the rsvg docs. Looks like all we need to do is add the --unlimited flag to the command line (Assuming we have the right version of rsvg). Someone want to try and see if that works with whatever version is on the image scalers?

tgr@mw1153:~$ curl -s 'https://upload.wikimedia.org/wikipedia/commons/e/e7/Thousand_Island%2C_St._Lawrence_River.svg' > T111815_test.svg
tgr@mw1153:~$ /usr/bin/rsvg-convert -w 320 -h 200 -o T111815_test.png T111815_test.svg 
Error reading SVG:Error domain 1 code 1 on line 3409 column 7 of file:///home/tgr/T111815_test.svg: internal error: Huge input lookup


tgr@mw1153:~$ /usr/bin/rsvg-convert -w 320 -h 200 --unlimited -o T111815_test.png T111815_test.svg 
Unknown option --unlimited

Probably not the right version then.

tgr@mw1153:~$ /usr/bin/rsvg-convert --version
rsvg-convert version 2.40.2

Digging into the rsvg git repo, looks like upstream bug is https://bugzilla.gnome.org/show_bug.cgi?id=710310 and that the -u flag was added in 2.40.4 (commit aa1f447e2), so we just missed it :(

RP88 subscribed.Sep 12 2015, 10:48 AM

Yes, --unlimited works in newer versions so this should be fixed once we distro-upgrade (or backport?) librsvg:

$:andre\> /usr/bin/rsvg-convert --version
rsvg-convert version 2.40.10
$:andre\> curl -s 'https://upload.wikimedia.org/wikipedia/commons/e/e7/Thousand_Island%2C_St._Lawrence_River.svg' > T111815_test.svg
$:andre\> ls -l T111815_test.svg
-rw-rw-r--. 1 andre andre 67350922 Sep 12 15:32 T111815_test.svg
$:andre\> /usr/bin/rsvg-convert -w 320 -h 200 -o T111815_test.png T111815_test.svg
Error reading SVG:Error domain 1 code 5 on line 1 column 1 of file:///home/andre/T111815_test.svg: Extra content at the end of the document
$:andre\> /usr/bin/rsvg-convert -w 320 -h 200 --unlimited -o T111815_test.png T111815_test.svg
$:andre\>

Tgr renamed this task from SVG file is generating 429 and 500 errors because it is too large to SVG files larger than 10 MB cannot be thumbnailed.Sep 13 2015, 12:46 AM

Tgr updated the task description. (Show Details)

Tgr mentioned this in T112421: Update rsvg on the image scalers to 2.40.16 (to solve several SVG rendering issues).Sep 13 2015, 12:52 AM

Tgr added a subtask: T112421: Update rsvg on the image scalers to 2.40.16 (to solve several SVG rendering issues).

Tgr added a parent task: T10901: [DO NOT USE] SVG rasterisation and management on Wikimedia sites (tracking).

Tgr added a parent task: T43371: Thumbnail/imagescaler (tracking).

Tgr removed a parent task: T43371: Thumbnail/imagescaler (tracking).

Bawolff mentioned this in T84842: Convert eqiad imagescalers to HHVM, Trusty.Sep 13 2015, 6:34 AM

Ricordisamoa subscribed.Sep 13 2015, 6:51 AM

Jdforrester-WMF removed a project: Multimedia.Sep 21 2015, 4:21 PM

matmarex merged a task: T113458: Specific thumbnail request for a SVG log image name throws: Error generating thumbnail.Sep 23 2015, 12:29 PM

matmarex added a parent task: T43371: Thumbnail/imagescaler (tracking).

matmarex added a subscriber: santhosh.

matmarex subscribed.

Restricted Application added a subscriber: StudiesWorld. · View Herald TranscriptNov 15 2015, 6:13 AM

zhuyifei1999 moved this task from Backlog to Thumbnail and file renderings on the Commons board.Nov 15 2015, 6:14 AM

zhuyifei1999 merged a task: T118568: Huge SVG causing "huge input lookup" issue on Shanghai page..Nov 15 2015, 8:00 AM

zhuyifei1999 added subscribers: zhuyifei1999, JasperStPierre.

Aklapper merged a task: T121965: Thumbnails of 10MB SVG image on Commons not successfully created.Dec 19 2015, 12:30 PM

Aklapper mentioned this in T121965: Thumbnails of 10MB SVG image on Commons not successfully created.

Aklapper added a subscriber: Superbenjamin.

Aklapper merged a task: T126881: Fail to render thmbnail for large svg.Feb 14 2016, 2:20 PM

Aklapper mentioned this in T126881: Fail to render thmbnail for large svg.

Aklapper added a subscriber: Ainali.

matmarex merged a task: T127486: Image in Commons can't generate thumbnails or reduced-size versions for articles.Feb 19 2016, 5:49 PM

matmarex added a subscriber: IAmNitpicking.

Aklapper triaged this task as Medium priority.Mar 8 2016, 10:53 PM

Meanwhile the bug is resolved (or scheduled for resolving), could be a good idea to add {{HugeSVG}} at the Description in the Upload Wizard.

That bug is fixed on the new jessie image scaler using 2.4.16 (tested locally, it's not yet pooled into the set of active scalers in production). The original file from this bug was removed for copyright reasons, but I confirmed it with https://commons.wikimedia.org/wiki/File:3D_image_of_Antihydrogen.svg

Restricted Application added a subscriber: Poyekhali. · View Herald TranscriptJun 22 2016, 11:19 AM

MoritzMuehlenhoff claimed this task.Jun 22 2016, 11:20 AM

MoritzMuehlenhoff added a project: SRE.

I see the files that {{HugeSVG}} ins transcluded, but them're still unable to render as PNG.

https://commons.wikimedia.org/wiki/Special:WhatLinksHere/Template:HugeSVG

I'll watch this thread and check these files periodically.

The update is not deployed yet, Moritz is working on it. Please subscribe to the blocking task T112421: Update rsvg on the image scalers to 2.40.16 (to solve several SVG rendering issues) for updates.

MoritzMuehlenhoff closed subtask T112421: Update rsvg on the image scalers to 2.40.16 (to solve several SVG rendering issues) as Resolved.Jul 4 2016, 2:46 PM

I can still reproduce this, despite the scalers running 2.40.16.

In T111815#2426648, @Tgr wrote:

I can still reproduce this, despite the scalers running 2.40.16.

Has the --unlimited flag been added?

The librsvg bug mentions the flag has security implications, maybe it should be reviewed by Security?

3D_image_of_Antihydrogen.svg was in fact misleading, while the new librsvg offers a method to whilelist limits in libxml using RSVG_HANDLE_FLAG_UNLIMITED, this is not enabled in our conversion process so far. As for the security implications: They certainly exist ( by someone uploading malformed SVG files which triggers "billion laughs attack"-style resource consumption), but they are mititigated by the cgroups resource limits and execution timeout we impose on the launched librsvg processes. I'm not sure how exhaustive the list from https://commons.wikimedia.org/wiki/Special:WhatLinksHere/Template:HugeSVG is, but if the number is generally low, one possible approach would be to pass the RSVG_HANDLE_FLAG_UNLIMITED option for SVG files whitelisted by administrators.

We discussed this issue in the Security Team meeting. Our consensus is that it is okay to add --unlimited given that we have mitigations in place, as @MoritzMuehlenhoff mentioned above.

Additionally, Bawolff has added a unit test to ensure that Billion Laughs-style attacks in SVG files are detected and blocked appropriately.

In T111815#2439765, @dpatrick wrote:

We discussed this issue in the Security Team meeting. Our consensus is that it is okay to add --unlimited given that we have mitigations in place, as @MoritzMuehlenhoff mentioned above.

Just as a further note, I wanted to mention we also check SVG files for entity related DOS at time of upload.

Sounds good to me. I'll run some tests with "--unlimited" next week and if all if fine, I'll enable it on the image scalers.

In T111815#2440812, @MoritzMuehlenhoff wrote:

Sounds good to me. I'll run some tests with "--unlimited" next week and if all if fine, I'll enable it on the image scalers.

Did you find time for this?

not yet, but should be able to have a look at this end of the week or next week

I ran a bot and got a (huge) list of files SVGs > 10 MB (more than 8000 ones). I'll post the list soon, so, I don't have the time to see every file for rendering errors, so, please take it.

Change 303548 had a related patch set uploaded (by Muehlenhoff):
Support scaling of huge SVGs

https://gerrit.wikimedia.org/r/303548

Jdforrester-WMF added a project: User-notice.Aug 8 2016, 2:52 PM

Jdforrester-WMF subscribed.Aug 10 2016, 11:27 PM

Since this has been tagged for inclusion in Tech News: When will this fix go into production? Do you know?

@Johan This still needs more tests before it can be enabled in production, I'll update this Phab task when that has happened.

OK, thanks. (:

Johan moved this task from To Triage to Not ready to announce on the User-notice board.Aug 11 2016, 9:03 AM

I enanbled the --unlimited option locally on scaler mw1298. I tested ten huge SVGs, which scaled fine:

Not running the change on mw1298 with live traffic for a few hours, if there's no unforseen regression, I'll enable this in general tomorrow.

Change 303548 merged by Muehlenhoff:
Support scaling of huge SVGs

https://gerrit.wikimedia.org/r/303548

Mentioned in SAL [2016-08-18T08:59:34Z] <moritzm> enabled scaling of huge SVGs on image scalers (T111815)

This is now enabled on the image scalers. If anyone still runs into a huge SVG which can't be thumbnailed, please post the filename for further analysis.

@Johan : This is now live, but maybe wait another 24 hours before announcing it. I checked the logs and before this patch was merged we had 76 failed huge SVG thumbnailings over the course of a day. So I should be able to tell you tomorrow whether there's still open bugs wrt scaling huge SVGs.

Seems all fine, previously on average 250 SVG thumbailings failed daily due to size limitations, but since the patch was merged that has stopped completely. @Johan Should be ok to User-Notice now.

Aklapper moved this task from Not ready to announce to Announce in next Tech/News on the User-notice board.Aug 19 2016, 10:46 AM

OK, thanks. It'll go out in the newsletter that's distributed on Monday.

Johan moved this task from Announce in next Tech/News to In current Tech/News draft on the User-notice board.Aug 19 2016, 7:21 PM

Josve05a added a comment.Aug 21 2016, 11:39 PM

This comment was removed by Josve05a.

matmarex added a comment.Aug 22 2016, 3:28 PM

This comment was removed by matmarex.

RandomDSdevel awarded a token.Aug 23 2016, 5:18 PM

Johan moved this task from In current Tech/News draft to Recently announced in Tech/News on the User-notice board.Aug 24 2016, 10:04 PM

Johan moved this task from Recently announced in Tech/News to Already announced/Archive on the User-notice board.Aug 31 2016, 5:26 AM

• Gilles mentioned this in T170352: Large SVG files fail to render in Thumbor (due to lack of use of the --unlimited option in librsvg).Jul 12 2017, 12:39 PM

• Phabricator_maintenance removed a parent task: T10901: [DO NOT USE] SVG rasterisation and management on Wikimedia sites (tracking).Feb 22 2019, 3:15 PM