TIP 116: More Safety for Large Images

Login
Bounty program for improvements to Tcl and certain Tcl packages.
Tcl 2017 Conference, Houston/TX, US, Oct 16-20
Send your abstracts to tclconference@googlegroups.com
by Aug 21.
Author:         Donal K. Fellows <donal.k.fellows@man.ac.uk>
State:          Final
Type:           Project
Vote:           Done
Created:        28-Oct-2002
Post-History:   
Tcl-Version:    8.5

Abstract

This TIP alters the C API for Tk's images so that failures to allocate sufficient memory for a large image can be handled more gracefully than a straight panic().

Rationale

Tk's image mechanism is nice and flexible, but it can run into problems with a large image. If we consider a square image that is 2000 pixels on each side (such sizes of images are becoming more common with the increasing popularity and sophistication of digital photography), we find it requires about 16MB of memory to load (4 million pixels, four bytes per pixel) but obviously just because an application fails to load that image (or something even larger), it doesn't mean that the best course of action is a panic()-induced crash. Instead, a graceful failure back to the Tcl interpreter would allow for scripts to find a way to report this low-memory situation in a way that users can understand.

The problem with this is that for many of the routes through the Tk image API, there is no way to report a memory allocation failure; currently, the only failure mode is total. This TIP changes this.

Proposed Changes

I propose making the following functions that currently return void return int instead and that they should additionally take a standard Tcl_Interp *interp argument to allow an error message describing the failure (currently only due to insufficient memory) to be added to the current interpreter. It will not be an error for the interp argument to be NULL, though it will be up to the caller to guess why the failure happened.

Also note that as a consequence of this, some image-related Tk commands will also gain additional error return situations. Since these all trigger abnormal process termination (and potentially a core-dump too) at the moment, this change in behaviour is believed to be wholly beneficial.

Backward Compatibility

This TIP also proposes a backward compatibility interface, so that extensions need not be heavily modified to work with new versions of Tk. This is done by leaving backwardly-compatible functions in the old locations in Tk's stub table and adding a #define to allow selection of the old API with the standard names. I propose doing this when the symbol USE_PANIC_ON_PHOTO_ALLOC_FAILURE is defined; like this, extension authors can switch from compiling with Tk 8.4 to using later versions by adding just one flag to their makefile (or other build script/environment.)

Note that this interacts with the backward-compatability interface defined in [98]; if that is enabled, the back-compat interface defined here is enabled as well.

Sample Implementation

http://sf.net/tracker/?func=detail&aid=646382&group\_id=12997&atid=312997

Copyright

This document has been placed in the public domain.

History