libspng is a C library for reading and writing Portable Network Graphics (PNG) format files with a focus on security and ease of use.
It is licensed under the BSD 2-clause “Simplified” License.
The goal is to provide a fast PNG library with a simpler API than libpng.
|Decode to RGBA8/16||✓||✓||✓||✓|
|Decode from stream||✓||✓||✓||❌|
|Fuzzed by OSS-Fuzz||✓||✓||❌||✓|
|Doesn't require zlib||❌||❌||✓||✓|
* Feature in planning phase
** With a 3rd party patch
spng.c/spng.h in your project, you can also build with CMake or Meson.
/* Create a context */ spng_ctx *ctx = spng_ctx_new(0); /* Set an input buffer */ spng_set_png_buffer(ctx, buf, buf_size); /* Determine output image size */ spng_decoded_image_size(ctx, SPNG_FMT_RGBA8, &out_size); /* Decode to 8-bit RGBA */ spng_decode_image(ctx, out, out_size, SPNG_FMT_RGBA8, 0); /* Free context memory */ spng_ctx_free(ctx);
Security & Testing
Code is written according to the rules of the CERT C Coding Standard. All integer arithmetic is checked for overflow and all error conditions are handled gracefully.
The library is continuously fuzzed by OSS-Fuzz, releases are scanned with Clang Static Analyzer, PVS-Studio, and Coverity Scan.
The test suite consists of over 700 test cases, 175 test images are decoded with all possible output format and flag combinations and compared against libpng for correctness.
How does it compare to libpng?
See the comparison page.
Will it be drop-in compatible with libpng?
A compatibility layer was considered but it would need a lot of features implemented outside of libspng.
Are there any size limits?
There are no set limits. libspng should be safe to use with images or files of any size, at worst it will run out of memory or encounter an integer overflow, all errors are handled gracefully.
Is libspng threadsafe?
libspng is threadsafe as long as contexts are not shared across threads. It is safe to create multiple contexts on a thread.
Why are some functions returning
A previous function call encountered an irrecoverable error, most decoding errors are not recoverable. Refer to the documentation on error handling.