-
Notifications
You must be signed in to change notification settings - Fork 611
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enabled bounds check for gif frames #1417
Enabled bounds check for gif frames #1417
Conversation
On a note: I just discovered that, when running all test targets, the check_references & render_images tests fail with the tests\images\gif\anim\oob.gif. Not suprisingly I guess. Image viewers I tested display that image regardless (interestingly Windows, IrfanView and VSCode all seem to display it differently). If this should be supported it must be defined how i guess. |
The common interpretation is to discard data outside the bounds and only blend the pixels that are inbounds. I'm quite worried why the CI does not show failure despite images failing to render? |
To me it looks like if |
@fseegraeber You're right. The reference tests need both |
Enabling the bounds check is not the way to go then. What you describe seems to be the current behavior. Problematic are only frames that exceed the logical screen in size. These currently lead to a panic. Should we
Ideally the underlying gif decoder would directly support that scenario (transfering a frame rectangle into a target rectangle) making additional allocations unneccesary, but I'm not sure if that is desired. |
I believe the code already has the intention of doing that: Lines 264 to 277 in b77d4f3
If there are any remaining panics (now I'm no longer sure) then I think we should fix those while keeping that same intention. |
You'r right the Line 110 in b77d4f3
self.reader.read_into_buffer(buf) expects buf to be atleast of frame size, but it is of size self.total_bytes() which uses the logical screen size.
It probably makes sense to consolidate those two methods. |
Well spotted. Yes, that seems like the right way to handle it. |
Refactored to align GifFrameIterator::next() with GifDecoder::read_image.
e5a752c
to
281e95e
Compare
I refactored The functionality is pretty similar, yet there are some differences, that made it hard to really consolidate them. fn read_next_frame(blend: Option<F>, ...) where F: Fn(...) {... but couldn't get it to compile in the end😄 . I doubt it would really have improved readability. I refactored some of the shared functionality into a helper struct, not sure how much that imroves it though. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That all looks good to me, including helper struct. Doing the infallible conversions to our datatypes in one place instead of interrupting code flow and assigning to previous declared stack slots improves readability.
Fixes #1238
Reading a gif that contained frames exceeding its "Logical Screen" dimensions would panic.
This PR simply enables the check that is provided by the underlying decoder.
Feel free to reject or comment if you want to handle out of bounds frames differently.