-
Notifications
You must be signed in to change notification settings - Fork 143
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Avoid reading beyond the IEND
chunk
#531
Comments
Apart from that, the |
The The former could be replaced by adding a A simpler workaround would be adding a |
This post made me question whether it's a good idea to use BufReader internally: https://graphallthethings.com/posts/better-buf-read The state machine is overcomplicated to handle 1-byte buffers, but such buffers are useless. Being forced to support such edge case seems to be a design flaw of the BufRead trait. |
Yeah, if you look closely at the provided methods on My current theory is that a combination of methods from |
This makes me wonder whether anybody actually uses a If the user has a slice, then
For animations, I think there will be two very different users: one that plays looped animation, and one that processes/converts frames once. Playing animation, especially from the network, will want a complex growing buffer and keep the whole file in memory. However, for 1-pass conversions, it is undesirable to keep the already processed frames in memory just for the I think the library could handle buffering internally, and explicitly allow creation with a |
I'm not sure there's really much overhead from The
I'm not sure I understand this point. |
Nevermind, I've missed that |
Upfront disclaimer: I think that this issue is a relatively low priority for Chromium - I am mainly reporting it to openly share and discuss some of the more exotic requirements/scenarios that may be imposed on image decoders.
Consider the following scenario (based on what a Skia test does here):
Read
in Rust orSkStream
in Skia) contains a PNG image concatenated with some other dataRead
/SkStream
(which just forwards all calls to the main input; it is present only to accomodate the fact that thepng::Decoder::new
consumes/takes-ownership of the input).png
crate for decoding the whole image (including theIEND
chunk viaReader.finish
call).Expected behavior:
IEND
data ends. In the case of theCodec_end
test in Skia, this is achieved through the expectations that the main input stream is positioned right after theIEND
chunk.Actual behavior:
std::io::BufReader
can aggressively read arbitrarily many bytes from the wrappedRead
, potentially overshooting beyond theIEND
chunk.I realize that the
Read
trait doesn't have any APIs to 1) "peek" forward, but 2) only "consume" up to the end ofIEND
. And therefore I don't quite see a nice way to address this. Very silly, brainstorming-quality, probably no-go ideas:Reader
can track and report how many bytes have actually been consumed viaBufRead.consume
(this should be always less then or equal to the number of bytes that have been read viaRead.read
)Read + Seek
thenBufReader.seek
can be called byReader.finish
to position the wrapper reader at the end of the image.This issue is tracked in https://crbug.com/378936780 from Chromium side. This issue seems like a relatively low priority from Chromium perspective, but (based on a test comment) it may potentially cause issues with adoption of
SkPngRustCodec
in Android.The text was updated successfully, but these errors were encountered: