You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As of Go 1.7.3 there is no way to know if a file is actually a valid JPEG or PNG image without loading it into an image.Image, which causes a lot of unnecessary allocations. There are DecodeConfig functions, but they don't read the whole image, so a file might be valid in its first bytes but then containing either garbage or something malicious.
This proposal is for discussion about whether it's possible and practical to provide Validate(r io.Reader) error functions in image/* packages that would read the file, validate it, but not store it.
The text was updated successfully, but these errors were encountered:
Any solution here should also consider #8055 at the same time, as their solutions will likely involve similar mechanisms.
If #8055 were solved, this "Validate" proposal might just mean decoding into something like an ioutil.Discard sort of sentinel dummy buffer, which the image packages could optimize if they detect it, reducing their CPU load where appropriate.
(This is inspired by this Russian StackOverflow question about image validation in Go.)
As of Go 1.7.3 there is no way to know if a file is actually a valid JPEG or PNG image without loading it into an
image.Image
, which causes a lot of unnecessary allocations. There areDecodeConfig
functions, but they don't read the whole image, so a file might be valid in its first bytes but then containing either garbage or something malicious.This proposal is for discussion about whether it's possible and practical to provide
Validate(r io.Reader) error
functions inimage/*
packages that would read the file, validate it, but not store it.The text was updated successfully, but these errors were encountered: