Diffstat (limited to 'src')
-rw-r--r--src/image/image.go14
1 files changed, 14 insertions, 0 deletions
diff --git a/src/image/image.go b/src/image/image.go
index dfb70d4eaf..4488a881e1 100644
--- a/src/image/image.go
+++ b/src/image/image.go
@@ -21,6 +21,20 @@
//
// See "The Go image package" for more details:
// https://golang.org/doc/articles/image_package.html
+//
+// # Security Considerations
+//
+// The image package can be used to parse arbitrarily large images, which can
+// cause resource exhaustion on machines which do not have enough memory to
+// store them. When operating on arbitrary images, DecodeConfig should be called
+// before Decode, so that the program can decide whether the image, as defined
+// in the returned header, can be safely decoded with the available resources. A
+// call to Decode which produces an extremely large image, as defined in the
+// header returned by DecodeConfig, is not considered a security issue,
+// regardless of whether the image is itself malformed or not. A call to
+// DecodeConfig which returns a header which does not match the image returned
+// by Decode may be considered a security issue, and should be reported per the
+// [Go Security Policy](https://go.dev/security/policy).
package image
import (