Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

proposal: add Validate functions to image/jpeg, image/png etc. #18098

Open
ainar-g opened this issue Nov 29, 2016 · 2 comments
Open

proposal: add Validate functions to image/jpeg, image/png etc. #18098

ainar-g opened this issue Nov 29, 2016 · 2 comments
Labels
Proposal Proposal-Hold
Milestone
Proposal

Comments

@ainar-g
Copy link
Contributor

ainar-g commented Nov 29, 2016

(This is inspired by this Russian StackOverflow question about image validation in Go.)

As of Go 1.7.3 there is no way to know if a file is actually a valid JPEG or PNG image without loading it into an image.Image, which causes a lot of unnecessary allocations. There are DecodeConfig functions, but they don't read the whole image, so a file might be valid in its first bytes but then containing either garbage or something malicious.

This proposal is for discussion about whether it's possible and practical to provide Validate(r io.Reader) error functions in image/* packages that would read the file, validate it, but not store it.
@bradfitz
Copy link
Contributor

Any solution here should also consider #8055 at the same time, as their solutions will likely involve similar mechanisms.

If #8055 were solved, this "Validate" proposal might just mean decoding into something like an ioutil.Discard sort of sentinel dummy buffer, which the image packages could optimize if they detect it, reducing their CPU load where appropriate.

Then the only new API is e.g. jpeg.DecodeBuffer(r, buf) (similar to https://golang.org/pkg/io/#CopyBuffer)

/cc @nigeltao @robpike

@bradfitz bradfitz added this to the Proposal milestone Nov 29, 2016
@rsc
Copy link
Contributor

rsc commented Dec 12, 2016

On hold until #8055 is resolved.
/cc @nigeltao

@iand iand mentioned this issue Sep 24, 2018
Open
@drswork drswork mentioned this issue Dec 6, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Proposal Proposal-Hold
Projects
None yet
Milestone
Proposal
Development

No branches or pull requests
3 participants
@bradfitz @rsc @ainar-g