Skip to content

libspng

libspng is a C library for reading and writing Portable Network Graphics (PNG) format files with a focus on security and ease of use.

It is licensed under the BSD 2-clause “Simplified” License.

Motivation

The goal is to provide a fast PNG library with a simpler API than libpng.

Performance

Features

Feature spng libpng stb_image lodepng
Decode from stream
Gamma correction
No known security bugs[1]
Progressive image read
Parses all standard chunks
Doesn’t require zlib[2]
Encoding Planned
Animated PNG Planned [3]

[1] The project is fuzz tested on OSS-Fuzz and vulnerabilities are fixed before they become public.

[2] Building with miniz is supported.

[3] With a 3rd party patch

Getting libspng

Download and extract the latest release and include spng.c/spng.h in your project, you can also build with CMake or Meson.

Usage

/* Create a context */
spng_ctx *ctx = spng_ctx_new(0);

/* Set an input buffer */
spng_set_png_buffer(ctx, buf, buf_size);

/* Determine output image size */
spng_decoded_image_size(ctx, SPNG_FMT_RGBA8, &out_size);

/* Decode to 8-bit RGBA */
spng_decode_image(ctx, out, out_size, SPNG_FMT_RGBA8, 0);

/* Free context memory */
spng_ctx_free(ctx);

See example.c.

Security & Testing

Code is written according to the rules of the CERT C Coding Standard. All integer arithmetic is checked for overflow and all error conditions are handled gracefully.

The library is continuously fuzzed by OSS-Fuzz, releases are scanned with Clang Static Analyzer, PVS-Studio, and Coverity Scan.

The test suite consists of over 1000 test cases, 175 test images are decoded with all possible output format and flag combinations and compared against libpng for correctness.

FAQ


How does it compare to libpng?

See the comparison page.

Will it be drop-in compatible with libpng?

A compatibility layer was considered but it would need a lot of features implemented outside of libspng.

Are there any size limits?

Images exceeding 4GB per row are not decoded, there are no other limits, at worst it will run out of memory or fail an integer overflow check, all errors are handled gracefully.

Is libspng threadsafe?

libspng is threadsafe as long as contexts are not shared across threads. It is safe to create multiple contexts on a thread.

Why are some functions returning SPNG_EBADSTATE?

A previous function call encountered an irrecoverable error, most decoding errors are not recoverable. Refer to the documentation on error handling.

How is spng pronounced?

The letters are spelled.