kani
libwebp
kani | libwebp | |
---|---|---|
47 | 13 | |
1,905 | 1,913 | |
3.7% | 0.9% | |
9.5 | 8.8 | |
3 days ago | 6 days ago | |
Rust | C | |
Apache License 2.0 | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
kani
-
The C Bounded Model Checker: Criminally Underused
This is also the backend for Kani - Amazon's formal verification tool for Rust.
https://github.com/model-checking/kani
- BoletÃn AWS Open Source, Christmas Edition
-
The Wizardry Frontier
Nice read! Rust has pushed, and will continue to push, the limits of practical, bare metal, memory safe languages. And it's interesting to think about what's next, maybe eventually there will be some form of practical theorem proving "for the masses". Lean 4 looks great and has potential, but it's still mostly a language for mathematicians. There has been some research on AI constructed proofs, which could be the best of both worlds because then the type checker can verify that the AI generated code/proof is indeed correct. Tools like Kani are also a step forward in program correctness.
-
Kani 0.40.0 has been released!
Ease setup in Amazon Linux 2 by @adpaco-aws in #2833
-
Kani 0.39.0 has been released!
Limit --exclude to workspace packages by @tautschnig in #2808
-
Kani 0.38.0 has been released !
Here's a summary of what's new in version 0.38.0:
-
CVE-2023-4863: Heap buffer overflow in WebP (Chrome)
> those applications need the proof for correctness so that more dangerous code---say, what would need `unsafe` in Rust---can be safely added
There are actually already tools built for this very purpose in Rust (see Kani [1] for instance).
Formal verification has a serious scaling problem, so forming programs in such a way that there are a few performance-critical areas that use unsafe routines seems like the best route. I feel like Rust leans into this paradigm with `unsafe` blocks.
[1] - https://github.com/model-checking/kani
-
Kani 0.36.0 has been released!
Enable concrete playback for failure of UB checks by @zhassan-aws in https://github.com/model-checking/kani/pull/2727
-
Kani 0.34.0 has been released!
Change default solver to CaDiCaL by @celinval in https://github.com/model-checking/kani/pull/2557 By default, Kani will now run CBMC with CaDiCaL, since this solver has outperformed Minisat in most of our benchmarks. User's should still be able to select Minisat (or a different solver) either by using #[solver] harness attribute, or by passing --solver= command line option.
-
Kani 0.33.0 has been released!
Add support for sysconf by feliperodri in #2557
libwebp
-
Google assigns a CVE for libwebp and gives it a 10.0 score
The thing that concerns me most is looking at the fix it is very difficult to see why this fix is correct. It also appears as there is lots of code without explicit bounds checks. It makes me worried because while the logic may be safe this makes the logic very complex. I wonder what the cost would be to add an explicit, local bounds check at every array access. This would serve as a backup that is much easier to verify. I suspect the cost would be relatively small. Small enough that I personally would be happy to pay it.
https://github.com/webmproject/libwebp/commit/902bc919033134...
This is also a great reminded that fuzzing isn't a solution to memory unsafe languages and libraries. If anything the massive amount of bugs found via fuzzing should scare us as it is likely only scratching the surface of the vulnerabilities that still lie in the code, a couple too many branches away from being likely to be found by fuzzing.
-
The WebP 0day
There's a follow-up fix, according to Debian[0]: https://github.com/webmproject/libwebp/commit/95ea5226c87044...
[0]: https://security-tracker.debian.org/tracker/CVE-2023-4863
-
CVE-2023-4863: Heap buffer overflow in WebP (Chrome)
The breakage [0] was introduced by the creator [1] of the project. If you want to audit 1674 commits over the past 12 years, it'd be easier to just audit the full project.
[0] https://github.com/webmproject/libwebp/commit/21735e06f7c1cb...
[1] https://github.com/webmproject/libwebp/commit/c3f41cb47e5f32...
- Convenient CPU feature detection and dispatch in the Magnum Engine
-
Whats going on with .webp and why are more and more internet images being converted to it?
If you like the command line, then you can use ffmpeg and ImageMagick, or use libwebp directly
-
What's up with people hating WebP?
The webp parser code is open source. Which means that even if Google decides to hide/obscure the code for webp, they'd legally not be allowed to prevent you from using older versions of the webp parser library. The only thing they could do is patent it, and then companies in the US (which has software patents, unfortunately) would have to pay royalties to decode it anyway; but here comes the next point
What are some alternatives?
prusti-dev - A static verifier for Rust, based on the Viper verification infrastructure.
libjpeg-turbo - Main libjpeg-turbo repository
awesome-rust-formalized-reasoning - An exhaustive list of all Rust resources regarding automated or semi-automated formalization efforts in any area, constructive mathematics, formal algorithms, and program verification.
Save-webP-as-extension - Firefox extension to overlay format and JPEG quality buttons on inline or stand-alone images for quickly saving a converted version of the image.
MIRAI - Rust mid-level IR Abstract Interpreter
BrowserBoxPro - :cyclone: BrowserBox is Web application virtualization via zero trust remote browser isolation and secure document gateway technology. Embed secure unrestricted webviews on any device in a regular webpage. Multiplayer embeddable browsers, open source! [Moved to: https://github.com/BrowserBox/BrowserBox]
gdbstub - An ergonomic, featureful, and easy-to-integrate implementation of the GDB Remote Serial Protocol in Rust (with no-compromises #![no_std] support)
image - [mirror] Go supplementary image libraries
rmc - Kani Rust Verifier [Moved to: https://github.com/model-checking/kani]
libavif - libavif - Library for encoding and decoding .avif files
watt - Runtime for executing procedural macros as WebAssembly
Electron - :electron: Build cross-platform desktop apps with JavaScript, HTML, and CSS