libspng (simple png) is a C library for reading and writing Portable Network Graphics (PNG) format files with a focus on security and ease of use.
It is licensed under the BSD 2-clause “Simplified” License.
The goal is to provide a fast PNG library with a simpler API than libpng.
|Decode from stream||✅||✅||✅||❌|
|No known security bugs||✅||✅||❌||✅|
|Progressive image read||✅||✅||❌||❌|
|Parses all standard chunks||✅||✅||❌||❌|
|Doesn’t require zlib||✅||❌||✅||✅|
 The project is fuzz tested on OSS-Fuzz and vulnerabilities are fixed before they become public.
 Building with miniz is supported.
 With a 3rd party patch
Download the latest release and include
spng.c/spng.h in your project,
you can also build with CMake or Meson, refer to the documentation for details.
/* Create a context */ spng_ctx *ctx = spng_ctx_new(0); /* Set an input buffer */ spng_set_png_buffer(ctx, buf, buf_size); /* Determine output image size */ spng_decoded_image_size(ctx, SPNG_FMT_RGBA8, &out_size); /* Decode to 8-bit RGBA */ spng_decode_image(ctx, out, out_size, SPNG_FMT_RGBA8, 0); /* Free context memory */ spng_ctx_free(ctx);
Security & Testing¶
Code is written according to the rules of the CERT C Coding Standard. All integer arithmetic is checked for overflow and all error conditions are handled gracefully.
The library is continuously fuzzed by OSS-Fuzz, releases are scanned with Clang Static Analyzer, PVS-Studio, and Coverity Scan.
The test suite consists of over 1000 test cases, 175 test images are decoded with all possible output format and flag combinations and compared against libpng for correctness.
How does it compare to libpng?¶
See the comparison page.
Will it be drop-in compatible with libpng?¶
A compatibility layer was considered but it would need a lot of features implemented outside of libspng.
Are there any size limits?¶
Images exceeding 4GB per row are not decoded, there are no other limits, at worst it will run out of memory or fail an integer overflow check, all errors are handled gracefully.
Is libspng threadsafe?¶
libspng is threadsafe as long as contexts are not shared across threads. It is safe to create multiple contexts on a thread.
Why are some functions returning
A previous function call encountered an irrecoverable error, most decoding errors are not recoverable. Refer to the documentation on error handling.
How is spng pronounced?¶
The letters are spelled.