[go] image, image/gif: document DecodeConfig before Decode for untrusted input


Gopher Robot (Gerrit)

May 14, 2026, 5:41:45 PM
to Angel D, Gerrit Bot, goph...@pubsubhelper.golang.org, golang-...@googlegroups.com, Dmitri Shuralyov, Dmitri Shuralyov, golang...@luci-project-accounts.iam.gserviceaccount.com, Alan Donovan, Nigel Tao, Rob Pike, golang-co...@googlegroups.com

Gopher Robot submitted the change

Change information

Commit message:
image, image/gif: document DecodeConfig before Decode for untrusted input

Document that image.Decode may allocate memory proportional to width and
height from the image header before all pixel data is consumed or validated,
and that image.DecodeConfig reads only headers without allocating a full
pixel buffer.

Add package-level and function-level notes on gif.Decode, gif.DecodeAll,
and gif.DecodeConfig pointing to the same guidance and the Security
Considerations section in package image.

Add ExampleDecode_untrusted in package image: call DecodeConfig, reject
oversized dimensions using an int64 pixel product, then Decode.

Updates #79063
Change-Id: I491fa036dab49f4d413e04df161da5f430f3cf97
GitHub-Last-Rev: 8effaee7164de82179f93c7bd5286da0910f4323
GitHub-Pull-Request: golang/go#79221
Auto-Submit: Alan Donovan <adon...@google.com>
Reviewed-by: Alan Donovan <adon...@google.com>
Reviewed-by: Dmitri Shuralyov <dmit...@google.com>
Files:
  • M src/image/decode_example_test.go
  • M src/image/format.go
  • M src/image/gif/reader.go
Change size: M
Delta: 3 files changed, 73 insertions(+), 5 deletions(-)
Branch: refs/heads/master
Gerrit-MessageType: merged
Gerrit-Project: go
Gerrit-Branch: master
Gerrit-Change-Id: I491fa036dab49f4d413e04df161da5f430f3cf97
Gerrit-Change-Number: 774640
Gerrit-PatchSet: 3
Gerrit-Owner: Gerrit Bot <letsus...@gmail.com>
Gerrit-Reviewer: Alan Donovan <adon...@google.com>
Gerrit-Reviewer: Dmitri Shuralyov <dmit...@google.com>
Gerrit-Reviewer: Gopher Robot <go...@golang.org>
Gerrit-Reviewer: Nigel Tao <nige...@golang.org>
Gerrit-CC: Angel D <adavi...@gmail.com>
Gerrit-CC: Dmitri Shuralyov <dmit...@golang.org>
Gerrit-CC: Rob Pike <r...@golang.org>
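
The pattern the commit message describes (DecodeConfig, an int64 pixel-product check, then Decode), as an added example that is not the ExampleDecode_untrusted from this change or any code from the Go project. `DecodeBounded`, `ErrDimensions`, `sample` and the limits are hypothetical names and constructed values; the header bytes are replayed so the input does not need to be seekable.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"image"
	"image/gif" // registers the GIF format; also builds the constructed sample
	"io"
)

// ErrDimensions is returned when the header declares a size outside the limits.
var ErrDimensions = errors.New("image dimensions outside allowed limits")

// DecodeBounded (hypothetical helper) reads only the header with
// image.DecodeConfig, checks the declared size, and only then calls image.Decode.
func DecodeBounded(r io.Reader, maxW, maxH int, maxPixels int64) (image.Image, error) {
	// Record every byte DecodeConfig consumes (including read-ahead) so that
	// Decode can replay it from the start of the stream.
	var hdr bytes.Buffer
	cfg, _, err := image.DecodeConfig(io.TeeReader(r, &hdr))
	if err != nil {
		return nil, err
	}
	// int64 product: Width*Height as int could overflow on 32-bit platforms.
	pixels := int64(cfg.Width) * int64(cfg.Height)
	if cfg.Width <= 0 || cfg.Height <= 0 || cfg.Width > maxW || cfg.Height > maxH || pixels > maxPixels {
		return nil, fmt.Errorf("%w: %dx%d", ErrDimensions, cfg.Width, cfg.Height)
	}
	img, _, err := image.Decode(io.MultiReader(&hdr, r))
	return img, err
}

// sample returns a constructed w x h GIF as a non-seekable stream (test input).
func sample(w, h int) io.Reader {
	var buf bytes.Buffer
	if err := gif.Encode(&buf, image.NewRGBA(image.Rect(0, 0, w, h)), nil); err != nil {
		panic(err)
	}
	return &buf
}

func main() {
	_, err := DecodeBounded(sample(64, 48), 32, 32, 1<<20)
	fmt.Println("limit 32x32:", err)
	img, err := DecodeBounded(sample(64, 48), 4096, 4096, 1<<20)
	fmt.Println("limit 4096x4096:", img.Bounds(), err)
}
```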