Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of fixes to release 0.21.2 #970

Merged
merged 28 commits into from
Jun 5, 2019
Merged

Backport of fixes to release 0.21.2 #970

merged 28 commits into from
Jun 5, 2019

Conversation

HeroicKatora
Copy link
Member

Backports the fixes that happened on master to the 0.21 version
series. Due to the pressure from memory-safety issues surrounding
the release of 0.21.1 the master branch had already significant
interface changes applied. However, crates.io
indicates that a significant amount of users lags behind in major versions
of the crate.

Reducing the ecosystem burden by trying to maintain at least this
version for a longer amount should give more users the chance to
update to a version that fixed the soundness issues. It should be
stressed that this does NOT remove the PixelMut type despite
its issues but 'only' rectifies internal issues It was already deprecated
and such a change absolutely requires a major version. And there are
no promises attached to how long this branch is maintained.

Release of the newer interface with 0.22, which removes that
outstanding unsafe interface, will follow shortly.

Isan-Rivkin and others added 17 commits June 5, 2019 21:12
@Isan-Rivkin @HeroicKatora
adding type for the compiler and deref for pixel
68c29d6
@birktj @HeroicKatora
Update png limits
032e8b0
@philipc @HeroicKatora
bmp/encoder: encode RGBA using bitfields with alpha mask
0f727e4
@bvssvni @HeroicKatora
Fix RgbImage spacing
b8bb07e
@HeroicKatora
Update url references to image-rs group
567e4cf
@HeroicKatora
Add the gitter badge
e18440b
@HeroicKatora
Update contribution url
cc71543
@eopb @HeroicKatora
Derive Debug on FilterType
49e0d16 
This just makes life easier.
@fintelia @HeroicKatora
Remove nearly all instances of unsafe
fb34b6e
@SirWaddles @HeroicKatora
remove power of two check
a3235ee
@fintelia @HeroicKatora
Clarify that webp decoder can only decode luma channel
5f69675
@HeroicKatora
Rename fuzzing samples for windows compatibility
4b547b1 
The command used to rename is also added to the minimization script, to
avoid producing the same issue in future corpus directories and to have
a reference if necessary.
@HeroicKatora
Fix vp8 border block indexing
0e0342f 
Closes: image-rs#774
@birktj @HeroicKatora
Fix webp magic bytes
fbb79d3
@fintelia @HeroicKatora
Make hdr module more consistent with others
8449719
@CensoredUsername @HeroicKatora
Fix a regression in the DXT encoder.
b4f4daa
@fintelia @HeroicKatora
Use scope_threadpool crate only with hdr feature
091d5a0
@HeroicKatora HeroicKatora requested a review from fintelia June 5, 2019 19:31
HeroicKatora
HeroicKatora commented Jun 5, 2019
View reviewed changes
src/webp/vp8.rs Outdated Show resolved Hide resolved
@HeroicKatora
Remove panics in webp/vp8 decoding
6154fab 
Most uncomplete matches are removed by creating proper enums in the webp
implementation and parsing to those constant variants early on. Some
unsupported operations are explicitely failed with a Unsupported error
variant.
@HeroicKatora
Fix panics when loading incomplete prediction initialization data
5877579
@HeroicKatora
Add afl fuzzer setup for webp
d9c4681 
Includes two seeds that were small enough to be viable. They are simply
converted (with imagemagick) samples from the tests/images/ directory.
This is good enough for the first few failures and panics. If you want a
larger corpus, you can put other images into the directory although
larger images can slow the fuzzer down without necessarily giving larger
coverage.
@fintelia
Copy link
Contributor

fintelia commented Jun 5, 2019

I think this plan makes a lot of sense. We have a bunch of breaking changes planned/merged on master so it is good to have one final release without them and a lingering branch in case there are any further patches we want to backport.

@HeroicKatora
Test for minimum entropy decoder input length
a2fc04b 
This seems to originate from one of the samples provided in the RFC,
specifically on page 23. A working version, that does the check for its
input length, can be found in the attached implementation in section 20.
This error is diagnosed as a FormatError.
@HeroicKatora
Ensure to read all input from the vp8 partition
e9e3b56 
A partition not containing as much data as claimed in the header is a
format error. While ignoring it at that moment will likely lead to some
later issues, it is better to check that the read has indeed taken
place.
@HeroicKatora
Avoid panicking on missing bits of entropy
2731d76 
Simply do not refresh the cache state when bits are required during the
decoding process than can be read into the decoder. This strategy is
suggested in the reference implementation of the RFC.
@HeroicKatora
Fix multiplication range error in quantization
00d520c 
At least one of the table entries can exceed the range of a signed
16-bit integer in an intermediate result. The reference implementation
used an `int` of unspecified width for this but this is wasteful in
terms of size of the table (albeit only slightly since the table is
small).
@HeroicKatora
Avoid depending on at least on block in the image
51c3a0a
@HeroicKatora
Add current minimized webp corpus
03668b4
@HeroicKatora
Fix intermediate transformation math types
b6644f4 
Some of the operations can overflow in i32, according to debug mode
builds. This is not intentional as the math is applied to conceptual
fixed point numbers.
@HeroicKatora
Changelog for 0.21.2
da79c38
@birktj
Copy link
Member

birktj commented Jun 5, 2019

Seems like a good idea. This makes me wonder if we should have stricter commit policies in order to make this kind of work easier going forward? @HeroicKatora you should be the most qualified to to answer this, are unstructured/unclear commits a pain when doing this kind of work or is it fine? A quick look through the commit history seems like things are pretty clear, but we have a quite liberal policy with a lot of contributors with different styles.

I guess some marker that differentiates commits with and without breaking changes could be useful? And a policy to keep bug-fixes separate from breaking changes if possible?

I am not trying to say that I think people here write bad commits, just that we maybe with some kind of policy could make stuff like this easier to do.

@HeroicKatora
Copy link
Member Author

HeroicKatora commented Jun 5, 2019
edited
Loading

@birktj It was still alright. There are obviously things that could be improved but the commit style is manageable since almost all PRs were either bugfixes or feature additions. Maybe I missed something but a few additional commits should not be too painful to rebase into a 0.21.3 if required.

I think the biggest lesson to learn here is that the nature of the repository, partially an aggregate of multiple independent image related projects, obviously promotes features and fixes arriving in mixed succession. But rather than purely require better commit messages (though guiding contributors to a style guide wouldn't be wrong) maybe we could have a next branch for breaking changes while developing the incremental fixes and non-breaking changes in master. I see two major advantages that this could have:

  • Less confusion due to master having diverged from the published crate on docs.rs
  • Quicker bugfix releases due to less pressure from rapid breaking releases

Something that might be helpful in communicating this: contributors theoretically have the power to amend and force push to the PR branch (by default, can be switched off explicitly). I don't think it's a good idea to normalize it but at the same time am not sure if contributors are typically aware of it or would be comfortable with a little help on wording and style? Checkbox in the template for opting into it could make this clear.

@HeroicKatora HeroicKatora merged commit 88f3c8d into image-rs:version-0.21 Jun 5, 2019
@HeroicKatora HeroicKatora deleted the version-0.21 branch June 5, 2019 23:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fintelia fintelia fintelia approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@HeroicKatora @fintelia @birktj @Isan-Rivkin @philipc @bvssvni @eopb @SirWaddles @CensoredUsername