Possible image data leak when resizing a transparent GIF
See original GitHub issueHi there, I’m seeing leaked image data when resizing a transparent GIF image.
I’m unsure if this is a issue with sharp/vips or the loader that handles GIF images. It looks like the content of resizes leak into the resize of transparent GIF images.
Here’s the output of resizing one png and a gif multiple times:
(with flatten):
(without flatten):
After transforming the png, each transformation of the transparent gif leaks leaks some information. In this minimal case, it’s pretty uncommon but we’ve seen worse in production.
Is this a known issue that once can possibly fix by using a different configuration? Trying to reproduce it with a transparent png, it doesn’t happen 🤔
Here’s the minimal setup for the above output (note it will result in slightly different images depending on your system).
const sharp = require("sharp");
const fs = require("fs");
const fA = "top-secret.png";
const fB = "transparent.gif";
let counter = 0;
function transform(fileName) {
return new Promise(resolve => {
const resizer = sharp()
.flatten(true)
.rotate()
.toFormat("png")
.resize(300, 400)
.min()
.crop(sharp.gravity.center);
const writeStream = fs.createWriteStream(
`./outputs/${fileName}.${counter}.png`
);
writeStream.on("close", () => {
counter++;
resolve();
});
fs.createReadStream(`./inputs/${fileName}`)
.pipe(resizer)
.pipe(writeStream);
});
}
async function main() {
await transform(fA);
await transform(fB);
await transform(fB);
await transform(fB);
await transform(fB);
await transform(fB);
await transform(fB);
await transform(fB);
await transform(fB);
await transform(fB);
await transform(fB);
await transform(fB);
await transform(fB);
await transform(fB);
await transform(fB);
}
main().catch(e => console.error(e));
Here are the given inputs:
Do you have any ideas or suggestions on how to proceed with this?
Thanks
Issue Analytics
- State:
- Created 5 years ago
- Comments:7 (3 by maintainers)
Top GitHub Comments
I added something to 0 pages before load, does that fix it?
It’s just snuck under the wire, so yes, in 8.7.0. Assuming it works!