Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

proposal: add Validate functions to image/jpeg, image/png etc. #18098

Open
ainar-g opened this issue Nov 29, 2016 · 2 comments

Comments

@ainar-g
Copy link
Contributor

commented Nov 29, 2016

(This is inspired by this Russian StackOverflow question about image validation in Go.)

As of Go 1.7.3 there is no way to know if a file is actually a valid JPEG or PNG image without loading it into an image.Image, which causes a lot of unnecessary allocations. There are DecodeConfig functions, but they don't read the whole image, so a file might be valid in its first bytes but then containing either garbage or something malicious.

This proposal is for discussion about whether it's possible and practical to provide Validate(r io.Reader) error functions in image/* packages that would read the file, validate it, but not store it.

@bradfitz

This comment has been minimized.

Copy link
Member

commented Nov 29, 2016

Any solution here should also consider #8055 at the same time, as their solutions will likely involve similar mechanisms.

If #8055 were solved, this "Validate" proposal might just mean decoding into something like an ioutil.Discard sort of sentinel dummy buffer, which the image packages could optimize if they detect it, reducing their CPU load where appropriate.

Then the only new API is e.g. jpeg.DecodeBuffer(r, buf) (similar to https://golang.org/pkg/io/#CopyBuffer)

/cc @nigeltao @robpike

@bradfitz bradfitz added this to the Proposal milestone Nov 29, 2016

@bradfitz bradfitz added the Proposal label Nov 29, 2016

@rsc

This comment has been minimized.

Copy link
Contributor

commented Dec 12, 2016

On hold until #8055 is resolved.
/cc @nigeltao

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.