search

image-rs / image-png

PNG decoding and encoding library in pure Rust
https://docs.rs/png
Apache License 2.0
347 stars 139 forks source link

Reject zero sized images #445

Closed fintelia closed 6 months ago

fintelia commented 6 months ago

The PNG spec states:

Width and height give the image dimensions in pixels. They are PNG four-byte unsigned integers. Zero is an invalid value.

Fixes #444 Fixes #438

CryZe commented 6 months ago

Wouldn't it make sense to change the types to NonZeroU32 then?

fintelia commented 6 months ago

Switching to NonZeroU32 would be an API breaking change. There's also a lot of places throughout the image-rs collection of crates that work with image widths and heights represented as normal integers rather than non-zero integers, so that would have to be a broader discussion than just this one place

Shnatsel commented 6 months ago

The image in the unit test declares the size of 0 x 3, so the decoder is entirely correct in rejecting it.

I've changed the width from 0 to 1 using a hex editor and the file is still broken, just in a different way.

Looking at the PR that introduced it, it seems it was original file was generated by a fuzzer. I don't think it would be feasible to craft a file that triggers the same now-fixed issue, at least not without using a fuzzer and tying it to the implementation details of the library again.

I propose to simply remove the failing test, since there is no reasonable way for us to keep it and fix the 0-size panic.