Skip to main content

JxlDecoderLimits

zenjxl_decoder::api

Struct JxlDecoderLimits 

Source 
#[non_exhaustive]
pub struct JxlDecoderLimits {
    pub max_pixels: Option<usize>,
    pub max_extra_channels: Option<usize>,
    pub max_icc_size: Option<usize>,
    pub max_tree_size: Option<usize>,
    pub max_patches: Option<usize>,
    pub max_spline_points: Option<u32>,
    pub max_reference_frames: Option<usize>,
    pub max_memory_bytes: Option<u64>,
}
Expand description

Security limits for the JXL decoder to prevent resource exhaustion attacks.

These limits protect against “JXL bombs” - maliciously crafted files designed to exhaust memory or CPU. All limits are optional; None means use the default.

§Example

use zenjxl_decoder::api::JxlDecoderLimits;

// Use restrictive preset for untrusted input
let limits = JxlDecoderLimits::restrictive();

// Or use defaults for normal operation
let defaults = JxlDecoderLimits::default();

// Or unlimited for trusted input (use with caution)
let unlimited = JxlDecoderLimits::unlimited();

Fields (Non-exhaustive)§

This struct is marked as non-exhaustive
Non-exhaustive structs could have additional fields added in future. Therefore, non-exhaustive structs cannot be constructed in external crates using the traditional Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.
§max_pixels: Option<usize>

Maximum total pixels (width × height). Default: 2^30 (~1 billion). This is checked early during header parsing.

§max_extra_channels: Option<usize>

Maximum number of extra channels (alpha, depth, etc.). Default: 256. Each extra channel requires memory proportional to image size.

§max_icc_size: Option<usize>

Maximum ICC profile size in bytes. Default: 2^28 (256 MB).

§max_tree_size: Option<usize>

Maximum modular tree size (number of nodes). Default: 2^22. Limits memory and CPU for tree-based entropy coding.

§max_patches: Option<usize>

Maximum number of patches. Default: derived from image size. Set to limit patch-based attacks.

§max_spline_points: Option<u32>

Maximum number of spline control points. Default: 2^20.

§max_reference_frames: Option<usize>

Maximum number of reference frames stored. Default: 4. Each reference frame consumes memory equal to the image size.

§max_memory_bytes: Option<u64>

Maximum total memory budget in bytes. Default: None (unlimited). When set, the decoder tracks allocations and fails if budget exceeded. This provides defense-in-depth against memory exhaustion attacks.

Implementations§

Source§

impl JxlDecoderLimits

Source

pub fn unlimited() -> Self

Returns limits with no restrictions (all None). Use with caution - only for trusted input.

Source

pub fn restrictive() -> Self

Returns restrictive limits suitable for untrusted web content.

Trait Implementations§

Source§

impl Clone for JxlDecoderLimits

Source§

fn clone(&self) -> JxlDecoderLimits

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for JxlDecoderLimits

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for JxlDecoderLimits

Source§

fn default() -> Self

Returns the “default value” for a type. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.