
Libspng 0.4.4 – modern alternative to libpng, single source/header pair - randy408
https://libspng.org/
======
nwah1
How does this compare to decoders written in Rust? From a security standpoint,
Rust decoders may have an edge.

[https://github.com/PistonDevelopers/image-png](https://github.com/PistonDevelopers/image-png)

~~~
randy408
If you look at that crate's issue tracker you can see open issues titled
"Crash on malformed input" and "4-bit grayscale image is read as 8-bit"; I don't
think it's safer or even tested to be correct. For spng there is continuous
regression testing which verifies the decoded images against libpng and is
fuzzed by OSS-Fuzz ([https://github.com/google/oss-fuzz](https://github.com/google/oss-fuzz)) just like libpng.

------
kayamon
Curious why, seeing as the source code is so small, you don't just make the
single source/header pair the default (and only) distribution? Why even split
it into separate files?

~~~
randy408
It would make the source file ~6k actual lines once the encoder and other
features are added, but I see your point.

