Comments (6)
Sorry that this bug is proving disruptive. Upstream has indicated that it'll be fixed in their next release, and we already have #2198 ready for upgrading to it. In the meantime, there isn't much more to be done on our end. You might be able to work around it using `catch_unwind` though.
As far as using this crate for user input on a web server, I will caution that the code hasn't been fully hardened against malicious input. Over the last few years we've used fuzzing to significantly cut down on the number of places that can trigger panics from malicious input, but that work is not yet complete.
Finally, in light of some of the discussion on linked issues, I want to remind everyone to engage respectfully. These crates are all maintained by volunteers. You aren't owed a release on any particular schedule.
from image.
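The `catch_unwind` workaround mentioned in the comment above, sketched as an added example (not code from the `image` or `zune-jpeg` projects). `toy_decode` is a hypothetical stand-in decoder with a faulty assertion and the byte strings are constructed; in a real service the closure would call the actual decoder.

```rust
use std::any::Any;
use std::panic::{self, AssertUnwindSafe};

#[derive(Debug, PartialEq)]
pub enum DecodeError {
    Invalid(String),  // decoder rejected the input through its normal error path
    Panicked(String), // decoder panicked; message recovered from the panic payload
}

// Panic payloads are `&'static str` or `String` depending on how panic! was invoked.
fn panic_message(payload: Box<dyn Any + Send>) -> String {
    if let Some(s) = payload.downcast_ref::<&str>() {
        s.to_string()
    } else if let Some(s) = payload.downcast_ref::<String>() {
        s.clone()
    } else {
        "non-string panic payload".to_string()
    }
}

/// Run `decode` over untrusted bytes and turn a panic into an ordinary error.
/// Only effective with panic=unwind; under panic=abort the process still dies.
/// It does not bound memory or CPU use, so size limits must be enforced separately.
pub fn decode_contained<T, F>(bytes: &[u8], decode: F) -> Result<T, DecodeError>
where
    F: FnOnce(&[u8]) -> Result<T, String>,
{
    // AssertUnwindSafe: the closure only borrows `bytes` immutably, and any
    // decoder state is dropped during unwinding, so nothing half-updated leaks out.
    match panic::catch_unwind(AssertUnwindSafe(|| decode(bytes))) {
        Ok(Ok(value)) => Ok(value),
        Ok(Err(e)) => Err(DecodeError::Invalid(e)),
        Err(payload) => Err(DecodeError::Panicked(panic_message(payload))),
    }
}

// Hypothetical stand-in for a decoder whose internal assertion rejects valid-looking files.
pub fn toy_decode(bytes: &[u8]) -> Result<(u8, u8), String> {
    if bytes.len() < 4 || bytes[0..2] != [0xFF, 0xD8] {
        return Err("missing marker".to_string());
    }
    let (w, h) = (bytes[2], bytes[3]);
    assert!(w % 8 == 0, "width not a multiple of 8");
    Ok((w, h))
}

fn main() {
    // Constructed inputs: accepted, assertion panic, and ordinary rejection.
    let samples: [&[u8]; 3] = [&[0xFF, 0xD8, 16, 8], &[0xFF, 0xD8, 10, 8], &[0x00]];
    for s in samples.iter() {
        println!("{:?}", decode_contained(s, toy_decode));
    }
}
```

The default panic hook still writes the panic message to stderr before the wrapper returns, which is useful for logging which inputs trip the decoder.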
`zune-jpeg` has several functional regressions (in the form of full-blown panics) that present when decoding jpegs in `image` 0.25 that the zune author has patched in the api-incompatible 0.5 release but has thus far not responded to requests for backports for 0.4 that `image` uses (one of these is a one-line patch to the current 0.4 `zune-jpeg` release).
Could there be some sort of discussion/agreement between the authors of `image` and `zune` to get backported fixes for critical issues like this that effectively completely block users from upgrading to the current `image` version or force them to depend on multiple versions of `image` (and its transitive dependencies) to work around semver issues?
Otherwise, is there any consideration for using a patched/forked version of `zune-jpeg` for a new `image` point release until a release with full `zune-jpeg` 0.5 support is issued?
`image` is, at this point, a foundational crate in the Rust ecosystem and it is really sad to see a major release completely broken by faulty assertions in a core transitive dependency that have already been patched upstream.
from image.
I can confirm this problem - after update to 0.25 (which switched to zune as default jpeg backend) I see assertion panic for several jpeg images.
zune has this issue etemesi254/zune-image#184
Looks like solution is upgrade to zune 0.5 ...
For me it's quite serious problem - using library for icons creation in web server so panic is no go.
from image.
@fintelia - Thanks for reply - for now I've downgraded to 0.24 - which does not have these issues.
Actually hyper or tokio is using catch unwind, so it only kills one of tokio worker threads (which I believe is then replaced), but anyhow panic is no good.
I definitely did not want to be pushy, I understand the burden of maintaining an opensource project, big thanks to all of image and zune contributors.
I just wanted to stress that jpegs that caused panic are generally common. It was not specially crafted jpeg - I do have some collection of downloaded covers and problem was with notable fraction of these - like 5% - so just wanted to highlight the importance of the issue.
from image.
Yeah, unfortunately that's kind of common with image files. Some specific encoder might consistently generate weird files that all fail the same way, while images produced by other encoders might never fail that way. The zune-jpeg crate was tested on a corpus of ~40,000 images but evidently it either regressed or no images like yours were included.
from image.
If you are unhappy with this crate, you are welcome to a full refund.
I'm going to close this issue because the bug is in a different crate and the discussion here is no longer constructive.
from image.