Sergey "Shnatsel" Davidoff
10 or so. Here's the exact output: https://gist.github.com/Shnatsel/f389152c908bbf78b5dfadbd7dec3f79
Okay, so the branch has actually increased memory usage slightly: 552 Mb before, 586 Mb after. Also, I was not entirely correct: I have 10 directories, each of which contains...
Hello, RustSec advisory DB maintainer here :wave: RustSec uses a custom TOML-based format, but we also provide all advisories in the [OSV format](https://github.com/ossf/osv-schema) in real time. So if you support...
Another image with improper alpha handling: [strike.tif.gz](https://github.com/image-rs/image/files/9035802/strike.tif.gz)
There is also an official AFL corpus for WebP that will help kickstart future fuzzing efforts: https://lcamtuf.coredump.cx/afl/demo/
Even setting width and height limits to cap the output at ~130Mb doesn't help. The following code still OOMs:
```rust
let mut reader = image::io::Reader::new(std::io::Cursor::new(data));
reader.set_format(image::ImageFormat::Png);
let mut limits =...
```
FWIW I could not trigger similar failures in JPEG or TIFF.
In fact, I have found a rather large amount of .ico mismatches; here are the 20 most significant ones: [ico-mismatches.tar.gz](https://github.com/image-rs/image/files/9035683/ico-mismatches.tar.gz)
The issue in `png` is fixed in git. I've run this fuzzing harness for 50 million executions, seeded with [the corpus I had for `png`](https://github.com/image-rs/image-png/pull/228), and found no panics or...
Specifically I'm suggesting this because fuzzing has previously found bugs in all major PNG and DEFLATE implementations, both in C and in Rust.