`Image` fields should be private for soundness

Question

`Image` fields should be private for soundness

Opened this issue 5 months ago · 0 comments

The following safe code causes undefined behaviour by reading out of bounds:

fn main() {
    let mut image = macroquad::texture::Image::empty();
    image.width += 1;
    image.height += 1;
    dbg!(image.get_image_data());
}

To fix this, all the fields of Image should become private, which would be a breaking change.
The Image::width and Image::height methods for immutable reading already exist as a replacement, along with Image::get_image_data.

Unsafe methods for changing the width and height could be added too if there is a legitimate use case.