Add reference to setMaxImageSize to ReadingAndWritingImageFiles.rst

And website/src/exrreader/exrreader_max.cpp illustrates setting max
image size.

Signed-off-by: Cary Phillips <cary@ilm.com>

Author: cary-ilm

website/ReadingAndWritingImageFiles.rst

@@ -1535,6 +1535,41 @@ are currently in use.
 Miscellaneous
 =============
 
+Image Size Limits and Out-of-Memory Failures
+--------------------------------------------
+
+The OpenEXR file format places no fixed limit on image size, except
+that image width and height are represented by signed 32-bit integers
+and therefore technically limited to a maximum of 2,147,483,647.
+
+Attempting to read a very large image may result in an "out-of-memory
+failure. This is not considered a security vulnerability. The memory
+required to decode such an image is inherently proportional to its
+pixel count, even if compression reduces the image to a small file
+size on disk. Exhausting available memory on a given machine is a
+system resource constraint, not a library defect — the same file that
+triggers an out-of-memory error on one machine may load successfully
+on another with more memory.
+
+The OpenEXR library provides 
+``Imf::Header::setMaxImageSize(int maxWidth,int maxHeight)`` and
+``Imf::Header:"setMaxTileSize(int maxWidth,int maxHeight)`` (and
+``exr_set_default_maximum_image_size()`` and
+``exr_set_default_maximum_tile_size()`` in OpenEXRCore) to allow
+applications to reject files with dimensions exceeding a configurable
+limit before any large allocation occurs. Applications processing
+untrusted EXR files should set these limits to values appropriate for
+their deployment environment.
+
+Beware of setting this limit too low.  Images of resolution greater
+than 10k are not uncommon in VFX workflows. Unless your application
+must process untrusted EXR files in an environment where failure is
+catastrophic, it may be best to provide a limit but allow it to be
+configured by the user:
+
+.. literalinclude:: src/exrreader/exrreader_max.cpp
+   :lines: 5-
+
 Is this an OpenEXR File?
 ------------------------
 

website/TechnicalIntroduction.rst

@@ -146,21 +146,20 @@ The OpenEXR file format places no fixed limit on image size, except
 that image width and height are represented by signed 32-bit integers
 and therefore technically limited to a maximum of 2,147,483,647.
 
-Memory allocation failures caused by large image dimensions declared
-in file headers are not considered security vulnerabilities when the
-allocation size is proportional to the declared image dimensions. EXR
-files can legitimately describe very large images, and the memory
-required to decode them is inherently proportional to their pixel
-count. Exhausting available memory on a given machine is a system
-resource constraint, not a library defect — the same file that
+Attempting to read a very large image may result in an "out-of-memory
+failure. This is not considered a security vulnerability. The memory
+required to decode such an image is inherently proportional to its
+pixel count, even if compression reduces the image to a small file
+size on disk. Exhausting available memory on a given machine is a
+system resource constraint, not a library defect — the same file that
 triggers an out-of-memory error on one machine may load successfully
 on another with more memory.
 
 The OpenEXR library provides 
-`Imf::Header::setMaxImageSize(int maxWidth,int maxHeight)` and
-`Imf::Header:"setMaxTileSize(int maxWidth,int maxHeight)` (and
-`exr_set_default_maximum_image_size()` and
-`exr_set_default_maximum_tile_size()` in OpenEXRCore) to allow
+``Imf::Header::setMaxImageSize(int maxWidth,int maxHeight)`` and
+``Imf::Header:"setMaxTileSize(int maxWidth,int maxHeight)`` (and
+``exr_set_default_maximum_image_size()`` and
+``exr_set_default_maximum_tile_size()`` in OpenEXRCore) to allow
 applications to reject files with dimensions exceeding a configurable
 limit before any large allocation occurs. Applications processing
 untrusted EXR files should set these limits to values appropriate for

website/src/exrreader/CMakeLists.txt

@@ -10,3 +10,6 @@ find_package(OpenEXR REQUIRED)
 add_executable(${PROJECT_NAME} exrreader.cpp)
 target_link_libraries(${PROJECT_NAME} OpenEXR::OpenEXR)
 
+add_executable(${PROJECT_NAME}_max exrreader_max.cpp)
+target_link_libraries(${PROJECT_NAME}_max OpenEXR::OpenEXR)
+

website/src/exrreader/exrreader_max.cpp

@@ -0,0 +1,100 @@
+//
+// SPDX-License-Identifier: BSD-3-Clause
+// Copyright (c) Contributors to the OpenEXR Project.
+//
+
+#include <ImfRgbaFile.h>
+#include <ImfArray.h>
+#include <cstring>
+#include <iostream>
+#include <stdexcept>
+#include <string>
+
+static void
+usage(const char *prog)
+{
+    std::cerr << "usage: " << prog
+              << " [--maxImageSize <width> <height>] <image.exr>\n";
+}
+
+int
+main(int argc, char *argv[])
+{
+    int         maxW = 10000;
+    int         maxH = 10000;
+    std::string path;
+
+    for (int i = 1; i < argc; ++i)
+    {
+        if (std::strcmp(argv[i], "--maxImageSize") == 0)
+        {
+            if (i + 2 >= argc)
+            {
+                usage(argv[0]);
+                return 1;
+            }
+            try
+            {
+                maxW = std::stoi(argv[i + 1]);
+                maxH = std::stoi(argv[i + 2]);
+            }
+            catch (const std::exception &)
+            {
+                std::cerr << "invalid width or height for --maxImageSize\n";
+                return 1;
+            }
+            if (maxW <= 0 || maxH <= 0)
+            {
+                std::cerr << "--maxImageSize width and height must be positive\n";
+                return 1;
+            }
+            i += 2;
+        }
+        else if (argv[i][0] == '-')
+        {
+            std::cerr << "unknown option: " << argv[i] << std::endl;
+            usage(argv[0]);
+            return 1;
+        }
+        else
+        {
+            if (!path.empty())
+            {
+                std::cerr << "unexpected extra argument: " << argv[i]
+                          << std::endl;
+                usage(argv[0]);
+                return 1;
+            }
+            path = argv[i];
+        }
+    }
+
+    if (path.empty())
+    {
+        usage(argv[0]);
+        return 1;
+    }
+
+    Imf::Header::setMaxImageSize(maxW, maxH);
+
+    try
+    {
+        Imf::RgbaInputFile file(path.c_str());
+        Imath::Box2i       dw = file.dataWindow();
+        int                width  = dw.max.x - dw.min.x + 1;
+        int                height = dw.max.y - dw.min.y + 1;
+
+        Imf::Array2D<Imf::Rgba> pixels(width, height);
+
+        file.setFrameBuffer(&pixels[0][0], 1, width);
+        file.readPixels(dw.min.y, dw.max.y);
+    }
+    catch (const std::exception &e)
+    {
+        std::cerr << "error reading image file " << path << ": " << e.what()
+                  << std::endl;
+        return 1;
+    }
+
+    return 0;
+}