
chimeracoder | 3 months ago

> Have you seen JPEG XL source code? I like the format, but the reference implementation in C++ looked pretty bad at least 2 years ago. I hope they rewrote it, because it surely looked like a security issue waiting to happen.

At this point, in 2025, any substantial (non-degenerative) image processing written in C++ is a security issue waiting to happen. That's not specific to JPEG XL.


spookie|3 months ago

Well, the first public implementation dates to 2020. And the Cpp choice is obvious: simpler integration with the majority of existing image processing libs, tools and utilities. Not to mention GUI toolkits.

Nonetheless, we should really bear in mind how entrenched Cpp is. If you normalize CVEs by language popularity, Java looks downright dangerous!

SoKamil|3 months ago

> any substantial (non-degenerative)

Why does this quality pose security issues?

izacus|3 months ago

And yet the whole of HN is VERY VERY angry because Google won't ship that pile of C++ into the most popular software (and app framework) in the world.

usrnm|3 months ago

The most popular software in question is also a giant pile of C++, btw.

mort96|3 months ago

Mozilla's position for some time now has been, "we aren't opposed to shipping JXL support, but we'd want to ship a decent implementation in a memory safe language, not the reference C++ implementation". That position hasn't been met with very much criticism.

Google's position, on the other hand, has been a flat-out "no, we will not ship JXL". That's what has been met with criticism. Not an imagined reluctance to ship a C++ JXL implementation.

ux266478|3 months ago

Who is saying Google should ship the reference implementation? It's a standard, and Google has the labor to write their own implementation.