explaingit

google/wuffs

4,745CAudience · developerComplexity · 4/5Setup · moderate

TLDR

A C library for reading image, audio, and compressed file formats that is guaranteed free of memory-safety bugs at compile time, and decodes formats like PNG and GIF faster than most established alternatives.

Mindmap

mindmap
  root((wuffs))
    What it does
      Safe file format parsing
      Images audio video fonts
      Compile-time safety proofs
    Safety model
      No overflow at runtime
      No out-of-bounds access
      Verified at compile time
    Performance
      PNG 1.2x to 2.7x faster
      GIF 2x to 6x faster
      Pure computation only
    Integration
      Ships as C source file
      No extra toolchain needed
      Drop-in C or C++ library
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Add fast, memory-safe PNG and GIF decoding to a C or C++ project by dropping in the pre-generated Wuffs C source file.

USE CASE 2

Replace a potentially vulnerable image-parsing library in a security-sensitive application with one that cannot overflow or access memory out-of-bounds.

USE CASE 3

Process untrusted uploaded image files in a server without risk of memory-safety exploits from malformed or malicious inputs.

USE CASE 4

Decode images faster than libpng in a performance-critical application such as a browser, game engine, or image processing pipeline.

Tech stack

CWuffs

Getting it running

Difficulty · moderate Time to first run · 30min

Using the library only requires including a single pre-generated C file, modifying or extending Wuffs requires learning its annotation-heavy language and toolchain.

In plain English

Wuffs is a programming language and standard library built specifically for reading and writing file formats safely and quickly. Its name stands for Wrangling Untrusted File Formats Safely. It handles images, audio, video, fonts, and compressed archives. The central problem Wuffs solves is that many security vulnerabilities come from processing files written by strangers. A malformed image file, for example, can crash or exploit a program that reads it carelessly. Wuffs addresses this by checking for overflow errors, out-of-bounds memory access, and similar bugs at compile time rather than at runtime. If the code compiles, those three categories of bugs cannot occur. Wuffs achieves speed by stripping away everything that is not pure computation. The language cannot make system calls, cannot read files directly, and cannot allocate or free memory on its own. It only transforms bytes in one form to bytes in another form. This narrow focus lets it run faster than widely used C libraries for the same tasks: the benchmarks show it decoding PNG 1.2 to 2.7 times faster than established alternatives, and GIF 2 to 6 times faster. Developers who want to use Wuffs do not need to learn the Wuffs language. The library ships as pre-generated C code that any C or C++ project can include like any other third-party library. The Wuffs language and its toolchain are only needed by people who want to modify or extend the library itself. The trade-off is that writing Wuffs code takes more effort than writing ordinary C. Programmers must add annotations that prove to the compiler that no overflow can happen, which slows authoring but guarantees correctness.

Copy-paste prompts

Prompt 1
Show me how to decode a PNG file in a C program using the Wuffs library, how do I include the header and call the PNG decoder on a buffer of bytes?
Prompt 2
I process user-uploaded images in a C server and need protection against malformed files. How does Wuffs guarantee memory safety at compile time and how do I integrate it?
Prompt 3
What formats does google/wuffs support today, and how do I use it to decode a GIF and extract individual frames in a C program?
Prompt 4
I want to extend Wuffs to add support for a new image format. What does writing Wuffs code look like and how do the compile-time safety annotations work?
Open on GitHub → Explain another repo

← google on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.