image package

2024-06-28 08:49| 来源: 网络整理| 查看: 265

Overview 露 Security Considerations

Package image implements a basic 2-D image library.

The fundamental interface is called Image. An Image contains colors, which are described in the image/color package.

Values of the Image interface are created either by calling functions such as NewRGBA and NewPaletted, or by calling Decode on an io.Reader containing image data in a format such as GIF, JPEG or PNG. Decoding any particular image format requires the prior registration of a decoder function. Registration is typically automatic as a side effect of initializing that format's package so that, to decode a PNG image, it suffices to have

import _ "image/png"

in a program's main package. The _ means to import a package purely for its initialization side effects.

See "The Go image package" for more details: https://golang.org/doc/articles/image_package.html

Security Considerations 露

The image package can be used to parse arbitrarily large images, which can cause resource exhaustion on machines which do not have enough memory to store them. When operating on arbitrary images, DecodeConfig should be called before Decode, so that the program can decide whether the image, as defined in the returned header, can be safely decoded with the available resources. A call to Decode which produces an extremely large image, as defined in the header returned by DecodeConfig, is not considered a security issue, regardless of whether the image is itself malformed or not. A call to DecodeConfig which returns a header which does not match the image returned by Decode may be considered a security issue, and should be reported per the [Go Security Policy](https://go.dev/security/policy).

Example 露 package main import ( "encoding/base64" "fmt" "image" "log" "strings" // Package image/jpeg is not used explicitly in the code below, // but is imported for its initialization side-effect, which allows // image.Decode to understand JPEG formatted images. Uncomment these // two lines to also understand GIF and PNG images: // _ "image/gif" // _ "image/png" _ "image/jpeg" ) func main() { // Decode the JPEG data. If reading from file, create a reader with // // reader, err := os.Open("testdata/video-001.q50.420.jpeg") // if err != nil { // log.Fatal(err) // } // defer reader.Close() reader := base64.NewDecoder(base64.StdEncoding, strings.NewReader(data)) m, _, err := image.Decode(reader) if err != nil { log.Fatal(err) } bounds := m.Bounds() // Calculate a 16-bin histogram for m's red, green, blue and alpha components. // // An image's bounds do not necessarily start at (0, 0), so the two loops start // at bounds.Min.Y and bounds.Min.X. Looping over Y first and X second is more // likely to result in better memory access patterns than X first and Y second. var histogram [16][4]int for y := bounds.Min.Y; y < bounds.Max.Y; y++ { for x := bounds.Min.X; x < bounds.Max.X; x++ { r, g, b, a := m.At(x, y).RGBA() // A color's RGBA method returns values in the range [0, 65535]. // Shifting by 12 reduces this to the range [0, 15]. histogram[r>>12][0]++ histogram[g>>12][1]++ histogram[b>>12][2]++ histogram[a>>12][3]++ } } // Print the results. fmt.Printf("%-14s %6s %6s %6s %6s\n", "bin", "red", "green", "blue", "alpha") for i, x := range histogram { fmt.Printf("0x%04x-0x%04x: %6d %6d %6d %6d\n", i

【本文地址】

公司简介

联系我们