c/libspng
1
0
Fork 0
mirror of https://github.com/randy408/libspng synced 2025-03-28 21:13:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs: move section on untrusted files, cleanup [skip-ci]

Browse Source
This commit is contained in:
Randy 2022-03-23 20:18:36 +01:00
parent c61b888cb9
commit 1aad1dbd61
2 changed files with 18 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
docs/decode.md
View File

@ -124,13 +124,27 @@ Moreover the size calculated by `spng_decoded_image_size()` can be checked
against a hard limit before allocating memory for the output image.
Chunks of arbitrary length (e.g. text, color profiles) take up additional memory,
`spng_set_chunk_limits()` is used to set hard limits on chunk length- and cache limits,
note that reaching either limit is handled as a fatal error.
`spng_set_chunk_limits()` is used to set hard limits on chunk length and overall memory usage.
Since v0.7.0 the `SPNG_CHUNK_COUNT_LIMIT` option controls how many chunks can be stored,
the default is `1000` and is configurable through [`spng_set_option()`](context.md#spng_set_option),
this limit is independent of the chunk cache limit.
Note that exceeding any of the chunk limits is handled as an out-of-memory error.
## Decoding untrusted files
To decode untrusted files safely it is required to at least:
* Set an upper limit on image dimensions with `spng_set_image_limits()`.
* Use `spng_decoded_image_size()` to calculate the output image size
and check it against a constant limit.
* Set a chunk size and chunk cache limit with `spng_set_chunks_limits()`
to control memory usage and avoid DoS from decompression bombs.
# API
See also: [spng_set_png_stream()](context.md#spng_set_png_stream), [spng_set_png_file()](context.md#spng_set_png_file).

18
docs/usage.md
View File

@ -26,19 +26,5 @@ spng_ctx_free(ctx);
```
For a complete example see [example.c](https://github.com/randy408/libspng/blob/v0.7.3/examples/example.c).
## Decoding untrusted files
To decode untrusted files safely it is required to at least:
* Set an upper image width and height limit with `spng_set_image_limits()`.
* Use `spng_decoded_image_size()` to calculate the output image size
and check it against a constant limit.
* Set a chunk size and chunk cache limit with `spng_set_chunks_limits()`
to avoid running out of memory. Note that exceeding either limit is
handled as an out-of-memory error since v0.6.0.
For a complete example see [example.c](https://github.com/randy408/libspng/blob/v0.7.3/examples/example.c)
and [Decoding untrusted files](decode.md#decoding-untrusted-files)