Firefox will consider a Rust implementation of JPEG-XL#1064
Merged
Conversation
Over the past few months, we’ve had some productive conversations with the JPEG-XL team at Google Research around the future of the format in Firefox. Our primary concern with the format has long been the increased attack surface of the reference decoder (currently behind a pref in Firefox Nightly), which weighs in at more than 100,000 lines of multithreaded C++. To address this concern, the team has agreed to apply their subject matter expertise to build a safe, performant, compact, and compatible JPEG-XL decoder in Rust, and integrate this decoder into Firefox. If they successfully contribute an implementation that satisfies these properties and meets our normal production requirements, we would ship it. Time will tell whether the format succeeds in becoming a universal JPEG replacement in the way some folks hope. In the event that it does, it would be unfortunate to potentially introduce memory safety vulnerabilities across the myriad of applications that would eventually need to support it. A safe, fast, and battle-tested Rust decoder from the original team could make that scenario much less likely, and so we’ve opted to spend our chips to make that happen. See also #522.
Closed
martinthomson
approved these changes
Sep 4, 2024
Member
martinthomson
left a comment
martinthomson
left a comment
There was a problem hiding this comment.
A take-it-or-leave-it comment, but this looks good to me.
tantek
approved these changes
Sep 4, 2024
Member
tantek
left a comment
tantek
left a comment
There was a problem hiding this comment.
LGTM and I concur with @martinthomson's edit.
Co-authored-by: Martin Thomson <mt@lowentropy.net>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Over the past few months, we’ve had some productive conversations with the JPEG-XL team at Google Research around the future of the format in Firefox. Our primary concern has long been the increased attack surface of the reference decoder (currently behind a pref in Firefox Nightly), which weighs in at more than 100,000 lines of multithreaded C++. To address this concern, the team at Google has agreed to apply their subject matter expertise to build a safe, performant, compact, and compatible JPEG-XL decoder in Rust, and integrate this decoder into Firefox. If they successfully contribute an implementation that satisfies these properties and meets our normal production requirements, we would ship it.
Time will tell whether the format succeeds in becoming a universal JPEG replacement in the way some folks hope. In the event that it does, it would be unfortunate to potentially introduce memory safety vulnerabilities across the myriad of applications that would eventually need to support it. A safe, fast, and battle-tested Rust decoder from the original team could make that scenario much less likely, and so we’re using our leverage to encourage progress on this front.
Previous discussion in #522.