From 0fc2ab06386c9cfa17fe75da185e3a74b89dc1e0 Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Wed, 27 Oct 2021 10:19:00 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@14-2-stable-ee

---
 .../exif/testdata/takes_lot_of_memory_to_decode.tiff | Bin 0 -> 9662 bytes
 workhorse/internal/upload/rewrite.go | 2 +-
 workhorse/internal/upload/rewrite_test.go | 13 +++++++++++++
 3 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 workhorse/internal/upload/exif/testdata/takes_lot_of_memory_to_decode.tiff

diff --git a/workhorse/internal/upload/exif/testdata/takes_lot_of_memory_to_decode.tiff b/workhorse/internal/upload/exif/testdata/takes_lot_of_memory_to_decode.tiff
new file mode 100644
index 00000000000..6935cb130db
Binary files /dev/null and b/workhorse/internal/upload/exif/testdata/takes_lot_of_memory_to_decode.tiff differ
diff --git a/workhorse/internal/upload/rewrite.go b/workhorse/internal/upload/rewrite.go
index 79ebfe950c5..3dfab120188 100644
--- a/workhorse/internal/upload/rewrite.go
+++ b/workhorse/internal/upload/rewrite.go
@@ -233,7 +233,7 @@ func handleExifUpload(ctx context.Context, r io.Reader, filename string, imageTy
 }
 
 func isTIFF(r io.Reader) bool {
- _, err := tiff.Decode(r)
+ _, err := tiff.DecodeConfig(r)
 if err == nil {
 return true
 }
diff --git a/workhorse/internal/upload/rewrite_test.go b/workhorse/internal/upload/rewrite_test.go
index 6fc41c3fefd..e3f33a02489 100644
--- a/workhorse/internal/upload/rewrite_test.go
+++ b/workhorse/internal/upload/rewrite_test.go
@@ -2,6 +2,7 @@ package upload
 
 import (
 "os"
+ "runtime"
 "testing"
 
 "github.com/stretchr/testify/require"
@@ -29,6 +30,10 @@ func TestImageTypeRecongition(t *testing.T) {
 filename: "exif/testdata/sample_exif_invalid.jpg",
 isJPEG: false,
 isTIFF: false,
+ }, {
+ filename: "exif/testdata/takes_lot_of_memory_to_decode.tiff", // File from https://gitlab.com/gitlab-org/gitlab/-/issues/341363
+ isJPEG: false,
+ isTIFF: true,
 },
 }
 
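Review bot: In `isTIFF` (workhorse/internal/upload/rewrite.go) the switch to `tiff.DecodeConfig(r)` carries no comment, so the reason for avoiding `tiff.Decode` is only recoverable from the test fixture's name. I would add above the call `// DecodeConfig reads only the TIFF header; Decode also builds the full image and can use a lot of memory on a crafted file (gitlab-org/gitlab issue 341363).` The same comment should state the consequence: a file with a well-formed header and an undecodable image body now passes this check, so the function confirms the header rather than the whole file. The callers are outside the hunk, so whether any of them relies on the stronger guarantee cannot be confirmed from here; the body of `isTIFF` also continues past the hunk's last line.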
@@ -36,8 +41,16 @@ func TestImageTypeRecongition(t *testing.T) {
 t.Run(test.filename, func(t *testing.T) {
 input, err := os.Open(test.filename)
 require.NoError(t, err)
+
+ var m runtime.MemStats
+ runtime.ReadMemStats(&m)
+ start := m.TotalAlloc
+
 require.Equal(t, test.isJPEG, isJPEG(input))
 require.Equal(t, test.isTIFF, isTIFF(input))
+
+ runtime.ReadMemStats(&m)
+ require.Less(t, m.TotalAlloc-start, uint64(50000), "must take reasonable amount of memory to recognise the type")
 })
 }
 }
-- 
cgit v1.2.1
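Review bot: The new memory bound in `TestImageTypeRecongition` is taken from `runtime.MemStats.TotalAlloc`, which is cumulative for the whole process, and the two readings bracket the `require.Equal` calls as well as `isJPEG` and `isTIFF`. The delta therefore also counts testify's own allocations and those of any goroutine that happens to run in between, which makes the 50000-byte limit sensitive to noise; a flaky guard on a memory-exhaustion fix tends to get loosened or skipped. I would call both functions between the readings, assert afterwards, and give the limit a name with a comment relating it to the 9662-byte fixture. The subtest also never closes `input`, which a `defer input.Close()` after the `require.NoError` would fix.

```go
// … unchanged: os.Open and require.NoError …
defer input.Close()

// Upper bound, in bytes, on what type sniffing may allocate; the
// fixture itself is 9662 bytes.
const maxSniffAlloc = 50000

// Sample TotalAlloc only around the two sniffing calls so that the
// assertions' own allocations are not charged against the limit.
var m runtime.MemStats
runtime.ReadMemStats(&m)
start := m.TotalAlloc
gotJPEG := isJPEG(input)
gotTIFF := isTIFF(input)
runtime.ReadMemStats(&m)
allocated := m.TotalAlloc - start

require.Equal(t, test.isJPEG, gotJPEG)
require.Equal(t, test.isTIFF, gotTIFF)
require.Less(t, allocated, uint64(maxSniffAlloc), "must take reasonable amount of memory to recognise the type")
```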