Sergey "Shnatsel" Davidoff

Results 260 issues of Sergey "Shnatsel" Davidoff

This happens in image from git on commit 04052e64c9a94606efc8bd3d87d5f3e0f566774e. Decoding the attached file results in an arithmetic overflow, causing a panic in debug mode: `thread '' panicked at 'attempt to...

`jpeg_decoder::decoder::Decoder::decode_internal` seems to take 50% of the decoding time, or over 75% if using Rayon because this part is not parallelized. This part alone takes more time than libjpeg-turbo takes...

`hyperfine` shows the image decoding being significantly faster with the `rayon` feature disabled: ``` Benchmark 1: jpeg-bench/target/release/jpeg-bench "some-large-jpeg.jpg" Time (mean ± σ): 705.5 ms ± 22.7 ms [User: 830.4 ms,...

The [SSE3](https://github.com/image-rs/jpeg-decoder/blob/master/src/arch/ssse3.rs) and [NEON](https://github.com/image-rs/jpeg-decoder/blob/master/src/arch/neon.rs) SIMD implementations of IDCT mirror each other very closely. It would be great to experiment with using the nightly-only Portable SIMD APIs, and see if there...

Rayon introduces a lot of unsafe code to the dependency graph - at about 2000 unsafe expressions according to cargo-geiger, accounting for over 80% of all unsafe code. This undermines...

http://geph.io links to the wiki for a description of Mizaru: https://github.com/geph-official/geph4/wiki/Mizaru-(WIP) which in turn links to the source code, but clicking that link results in a 404. I believe the...

When given a crafted input lewton attempts to allocate enormous amounts of memory. This presents several issues: 1. This has DoS potential: opening several ogg files for decoding at once...

Given a crafted input, lewton allocates over 1500 Mb of physical memory and spends ~6 seconds decoding a tiny 18kb file. This issue can be used to cause denial of...

bug

[Symphonia](https://github.com/pdeljanov/Symphonia) is already a supported backend for MP3 decoding in rodio, but it is not the default. I believe Symphonia MP3 decoder has matured, and it's time to switch to...

Rustig outputs a lot of places that can panic on real projects. However, in safe code exploiting a panic is not very interesting for an attacker: the best it gets...