Closed Shnatsel closed 1 year ago
Also, you might be interested in a new pure-Rust PNG decoder that outperforms the png
crate, libpng
and even libspng
: https://github.com/etemesi254/zune-image/tree/dev/zune-png
It also happens to not have the limits entirely configurable without artificial caps. It's been tested extensively on-real world images and is fuzzed on CI. It is is very close to being usable in production, the only blocker is https://github.com/etemesi254/zune-image/issues/84
This time this was deliberate, because I have this exposed to the internet, and I keep getting beg bounties about potential DoS from large images.
Perhaps this should be configurable via a command-line parameter? For example, imagemagick
supports setting size limits. The image
crate does as well.
I've made it configurable in load_image and upped the default limit. If you rebuild cavif from source it will have the higher limit.
Thank you!
I'm seeing the same issue as in #54 on cavif v1.5.0 and lodepng v3.7.2. It was supposed to be fixed in lodepng v3.6.2, but has apparently regressed.
Here's a sample real-world image that causes this issue: 16015524417537530135363