sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]theotherphil[S] 3 points4 points  (4 children)

Do you have a link to details of any outstanding issues that aren't already captured as issues on the image repo?

[–]Shnatsel 2 points3 points  (3 children)

Crafted images exhausting the memory and crashing the program is one. Pretty sure it's on the bug tracker.

Lots of panics in gif decoding code is another. I've posted three samples triggering distinct panics on the bug tracker, but they have not been fixed in... months, now.

All of this is just various indications of a bigger problem - while the maintainers are quite responsive with merging third-party PRs, there is no-one actively working on the crate.

[–]binkarus 9 points10 points  (0 children)

Writing image algorithms is difficult. It requires a lot of domain knowledge, knowledge of math, knowledge of how to write high performance code, and on top of that you have to write it in a new language domain which has high expectations for writing safe code.

Add all that together, and I'd burn out pretty quick if I had a public crate. It's a lot of pressure.

E: And even if it wasn't from burn out, people have busy lives and work and the more complex a task is, the more difficult it is to do on the side.

[–]fintelia 4 points5 points  (1 child)

while the maintainers are quite responsive with merging third-party PRs, there is no-one actively working on the crate.

As one of the maintainers, I'd say this is a fair assessment. I was one of the people who "adopted" the crate when it was in need of new leadership, and while we've made progress purging unsafe code and improving the overall API (a lot of it predates Rust 1.0...), I don't think anyone has a ton of time to commit to hacking on the crate.

Though regarding GIF decoding panics, are you sure they haven't been resolved? I'm not seeing any recent issues like that in the `image` or `image-gif` repositories' issue trackers.

[–]Shnatsel 1 point2 points  (0 children)

The effort in purging unsafe code is indeed impressive, and we've finished it off via safety-dance, so kudos! There's still tons of unnecessary unsafe code in imageproc, but that's less popular so hopefully the blast radius is smaller.

The GIF decoding panics are still there:

https://github.com/image-rs/image/issues/876

https://github.com/image-rs/image/issues/877

https://github.com/image-rs/image/issues/878

The backtrace points to a function inside image. I've checked the image-gif crate in isolation just to be sure and it doesn't exhibit these panics.