MacOS: cache resources exhausted
gpbl opened this issue · 2 comments
gpbl commented
screengif was working wonderfully on my MacOS but after upgrading some brew packages (don't remember which) now it returns a cache resources exhausted error when converting the same files:
/Library/Ruby/Gems/2.3.0/gems/rmagick-2.16.0/lib/rmagick_internal.rb:1605:in `from_blob': cache resources exhausted `' @ error/cache.c/OpenPixelCache/4080 (Magick::ImageMagickError)
from /Library/Ruby/Gems/2.3.0/gems/rmagick-2.16.0/lib/rmagick_internal.rb:1605:in `block in from_blob'
from /Library/Ruby/Gems/2.3.0/gems/rmagick-2.16.0/lib/rmagick_internal.rb:1604:in `each'
from /Library/Ruby/Gems/2.3.0/gems/rmagick-2.16.0/lib/rmagick_internal.rb:1604:in `from_blob'
from /Library/Ruby/Gems/2.3.0/gems/screengif-0.0.3/lib/screengif.rb:74:in `start'
from /Library/Ruby/Gems/2.3.0/gems/screengif-0.0.3/bin/screengif:10:in `<top (required)>'
from /usr/local/bin/screengif:22:in `load'
from /usr/local/bin/screengif:22:in `<main>'
giampaolo@crumblenaut ~ $ screengif --input ~/change-calories.mov ~/change-calories.gif
/Library/Ruby/Gems/2.3.0/gems/rmagick-2.16.0/lib/rmagick_internal.rb:1605:in `from_blob': cache resources exhausted `' @ error/cache.c/OpenPixelCache/4080 (Magick::ImageMagickError)
from /Library/Ruby/Gems/2.3.0/gems/rmagick-2.16.0/lib/rmagick_internal.rb:1605:in `block in from_blob'
from /Library/Ruby/Gems/2.3.0/gems/rmagick-2.16.0/lib/rmagick_internal.rb:1604:in `each'
from /Library/Ruby/Gems/2.3.0/gems/rmagick-2.16.0/lib/rmagick_internal.rb:1604:in `from_blob'
from /Library/Ruby/Gems/2.3.0/gems/screengif-0.0.3/lib/screengif.rb:74:in `start'
from /Library/Ruby/Gems/2.3.0/gems/screengif-0.0.3/bin/screengif:10:in `<top (required)>'
from /usr/local/bin/screengif:22:in `load'
from /usr/local/bin/screengif:22:in `<main>'
gpbl commented
OK, I could fix it updating ImageMagick policy.xml. I searched for the file:
find /usr | grep "policy.xml"and then I commented out all but the temporary-patch policy:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policymap [
<!ELEMENT policymap (policy)+>
<!ATTLIST policymap xmlns CDATA #FIXED ''>
<!ELEMENT policy EMPTY>
<!ATTLIST policy xmlns CDATA #FIXED '' domain NMTOKEN #REQUIRED
name NMTOKEN #IMPLIED pattern CDATA #IMPLIED rights NMTOKEN #IMPLIED
stealth NMTOKEN #IMPLIED value CDATA #IMPLIED>
]>
<!--
Configure ImageMagick policies.
Domains include system, delegate, coder, filter, path, or resource.
Rights include none, read, write, execute and all. Use | to combine them,
for example: "read | write" to permit read from, or write to, a path.
Use a glob expression as a pattern.
Suppose we do not want users to process MPEG video images:
<policy domain="delegate" rights="none" pattern="mpeg:decode" />
Here we do not want users reading images from HTTP:
<policy domain="coder" rights="none" pattern="HTTP" />
The /repository file system is restricted to read only. We use a glob
expression to match all paths that start with /repository:
<policy domain="path" rights="read" pattern="/repository/*" />
Lets prevent users from executing any image filters:
<policy domain="filter" rights="none" pattern="*" />
Any large image is cached to disk rather than memory:
<policy domain="resource" name="area" value="1GP"/>
Define arguments for the memory, map, area, width, height and disk resources
with SI prefixes (.e.g 100MB). In addition, resource policies are maximums
for each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB
exceeds policy maximum so memory limit is 1GB).
Rules are processed in order. Here we want to restrict ImageMagick to only
read or write a small subset of proven web-safe image types:
<policy domain="delegate" rights="none" pattern="*" />
<policy domain="filter" rights="none" pattern="*" />
<policy domain="coder" rights="none" pattern="*" />
<policy domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG,WEBP}" />
-->
<policymap>
<!-- <policy domain="system" name="shred" value="2"/> -->
<!-- <policy domain="system" name="precision" value="6"/> -->
<!-- <policy domain="system" name="memory-map" value="anonymous"/> -->
<!-- <policy domain="system" name="max-memory-request" value="256MiB"/> -->
<policy domain="resource" name="temporary-path" value="/tmp"/>
<!-- <policy domain="resource" name="memory" value="256MiB"/> -->
<!-- <policy domain="resource" name="map" value="512MiB"/> -->
<!-- <policy domain="resource" name="width" value="16KP"/> -->
<!-- <policy domain="resource" name="height" value="16KP"/> -->
<!-- <policy domain="resource" name="list-length" value="128"/> -->
<!-- <policy domain="resource" name="area" value="128MB"/> -->
<!-- <policy domain="resource" name="disk" value="1GiB"/> -->
<!-- use curl -->
<!-- <policy domain="delegate" rights="none" pattern="URL" /> -->
<!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> -->
<!-- <policy domain="delegate" rights="none" pattern="HTTP" /> -->
<!--
Imagemagick does not need to have been explicitly built against Ghostscript
to be vulnerable to Ghostscript-related vulnerabilities. convert will
happily use tools it can find at runtime, regardless of build options.
http://seclists.org/oss-sec/2018/q3/142
https://www.kb.cert.org/vuls/id/332928
If you need to use Ghostscript functionality you should comment out the
below line, at your own risk.
-->
<!-- <policy domain="coder" rights="none" pattern="{EPS,PS2,PS3,PS,PDF,XPS}" /> -->
<!-- <policy domain="resource" name="file" value="768"/> -->
<!-- <policy domain="resource" name="thread" value="4"/> -->
<!-- <policy domain="resource" name="throttle" value="0"/> -->
<!-- <policy domain="resource" name="time" value="3600"/> -->
<!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
<!-- in order to avoid to get image with password text -->
<!-- <policy domain="path" rights="none" pattern="@*"/> -->
<!-- <policy domain="cache" name="memory-map" value="anonymous"/> -->
<!-- <policy domain="cache" name="synchronize" value="True"/> -->
<!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> -->
</policymap>It worked! Hope to help others meeting this issue.
ScottBishop commented
Ran into this same issue after updating brew packages. I ended up removing the policy.xml file altogether and it worked. Thank you very much!