Comments (7)
I can add AVIF_RESULT_OUT_OF_MEMORY
and do an audit pass, trying to catch all calls to avifAlloc()
and avifArrayPushPtr()
. If I manage to catch them all, perhaps I'll change the policy to enforce this.
from libavif.
I hadn't planned to catch failures to allocate memory, and while I'm sure I could plumb a lot of that through, I'd prefer not to (I could be convinced otherwise).
If I chose not to, how/where would you expect such documention to be?
from libavif.
README.md seems like a good place to document this policy. (It is the only .md file in the source tree.) Another good place would be the public header include/avif/avif.h.
from libavif.
Any chance we can revisit this decision? On mobile especially we can run into situations when the available memory is very limited, and right now the current behavior of libavif would lead to hard-to-debug crashes due to memory corruption. Probably better to explicitly error out if an allocation failed.
from libavif.
Alternatively, we could at least abort()
within avifAlloc
if malloc
failed. This way we avoid undefined behavior of just dereferencing these null pointers.
from libavif.
Alternatively, we could at least abort() within avifAlloc if malloc failed. This way we avoid undefined behavior of just dereferencing these null pointers.
I think that rav1e may already do this, based on the fact that Rust currently aborts the process when a memory allocation fails (see rust-lang/rust#43596) and the lack of an out-of-memory error code in the C API.
While calling abort()
is preferable to derefrencing a null pointer, there are some use cases where it would be unacceptable to terminate the process.
For example, libavif could not be used to create an AVIF plugin for Adobe Photoshop because Photoshop plugins are loaded in-process, and terminating Photoshop on out-of-memory would cause the user to lose all of their images that have unsaved changes.
My Paint.NET AVIF plugin uses AVIF format read/write code written in C#, with AOM for encoding and decoding.
This allows me to report out out-of-memory conditions to the user instead of crashing, and it also uses less memory when loading and saving files.
I can add AVIF_RESULT_OUT_OF_MEMORY and do an audit pass, trying to catch all calls to avifAlloc() and avifArrayPushPtr(). If I manage to catch them all, perhaps I'll change the policy to enforce this.
As I mentioned above, this would depend on the behavior of the individual codecs.
It appears that AOM and dav1d return an error code for out-of-memory, so you may just have to verify and document which codecs support allowing the caller to handle out-of-memory conditions.
from libavif.
The problem is not so much about the allocations performed by the codecs (out of scope for this repository), but the allocations performed by libavif itself.
While calling abort() is preferable to derefrencing a null pointer, there are some use cases where it would be unacceptable to terminate the process.
For example, libavif could not be used to create an AVIF plugin for Adobe Photoshop because Photoshop plugins are loaded in-process, and terminating Photoshop on out-of-memory would cause the user to lose all of their images that have unsaved changes.
I agree that abort is not ideal compared to reporting the errors and letting client code handle them. However, the current version is even worse, dereferencing a null pointer is undefined behavior so the outcome could be anything (including terminating the process).
from libavif.
Related Issues (20)
- libpng warning: iCCP: known incorrect sRGB profile HOT 25
- "setlocale failed" on Windows HOT 15
- Make test_cmd.sh run the UTF-8 tests by default HOT 2
- MinGW CI is broken HOT 5
- Feature Request: Allow TIF as source image HOT 1
- Handling AdobeRGB | CICP? HOT 1
- FAILED while building HOT 10
- build error with `comparison of unsigned expression < 0 is always false` HOT 4
- `-Wignored-attributes` error with old clang HOT 3
- 1.0.3: test suite fails with SIGSEGV in `avifcodectest` unit HOT 2
- QQ about the test releases HOT 4
- ci-windows failure "unknown file: error: SEH exception with code 0xc000001d thrown in the test body" HOT 4
- Sample HDR AVIF decoded to JPG shows incorrect colors HOT 8
- How to build a dynamic library that statically links all dependencies? HOT 1
- Ignore and skip FullBoxes with an unrecognized version
- How to build the.A use of iOS platform? HOT 2
- Make libyuv package-friendly dependency HOT 2
- Roll YCgCo-R out HOT 1
- Add Homebrew install instructions and avifdec/avifenc examples to README HOT 6
- autoconf etc. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from libavif.