search

image-rs / image

Encoding and decoding images in Rust
Apache License 2.0
4.87k stars 600 forks source link

Cropping API doesn't check bounds, easy to misuse #2296

Open Shnatsel opened 1 month ago

Shnatsel commented 1 month ago

In image v0.25.2, the crop() and crop_imm() functions return an image view or an image unconditionally, even if the area to be cropped is completely out of bounds. This makes the API very easy to misuse:

use image; // 0.25.1
use image::{DynamicImage, GenericImageView};

pub fn main() {
    let image = DynamicImage::new_rgba8(50, 50);
    let cropped = image.crop_imm(100, 100, 100, 100); //  Succeeds despite wrong bounds!
    // and when we try to actually use it later...
    cropped.get_pixel(0,0); // PANIC!
}

Demo in playground: https://play.rust-lang.org/?version=stable&mode=debug&edition=2021&gist=0898257582886870218d41c94506e3cb

Shnatsel commented 1 month ago

SubImages seem to be kinda broken in general: https://github.com/image-rs/image/issues/1412