Mirror only. Please do not send pull requests.
Millions of people in the world are affected by this library. There is a call for libraries used by millions around the world to NOT use C. I love C. But this risk ratio is off the charts and they ought to not use C for such critical libraries.
I think this is the fix https://github.com/webmproject/libwebp/commit/dce8397fec159c...
"malloc fail"? :facepalm:
Wrangling Untrusted File Formats Safely
Specifically, since performance is crucial for this type of work, it should be written in WUFFS. WUFFS doesn't emit bounds checks (as Java does and as Rust would where it's unclear why something should be in bounds at runtime); it just rejects programs where it can't see why the indexes are in-bounds.
You can explicitly write the same checks and meet this requirement, but chances are, since you believe you're producing a high performance piece of software which doesn't need checks, you'll instead be pulled up by the fact the WUFFS tooling won't accept your code and discover you got it wrong.
This is weaker than full blown formal verification, but not for the purpose we care about in program safety, thus a big improvement on humans writing LGTM.
Auditing crates for unsafe code which can be safely replaced
[mirror] Go supplementary image libraries (by golang)
If you want some code to study, https://github.com/golang/image/tree/master/vp8l is a WebP-Lossless decoder in under 1200 lines of code.
Ask HN: Wuffs Examples for Text Files?
1 project | news.ycombinator.com | 22 May 2023
1 project | /r/rustjerk | 5 Apr 2023
RecordFlux: Addressing binary protocol parser vulnerabilities
1 project | news.ycombinator.com | 2 Apr 2023
A new programming language developed by God might have non-integral array indices.
1 project | /r/ProgrammerHumor | 28 Mar 2023
When is C better a better choice than Rust?
1 project | /r/rust | 11 Jan 2023