From status in readme in github:
- misa77's format may change unexpectedly as it's still v0.x.y.
- The decoder assumes that the input is a valid misa77 stream. Invalid input is UB and I offer no guarantees for whatever misa77 does in this case.
- It's been through some local fuzzing but is not hardened, so treat it as experimental.
- Excellent of the author to call these things out.
- All 3 things are show stoppers for any real use.
An unstable format which trusts input is a CVE and data loss magnet.
I'll be resolving issues 2 and 3 in the next couple of weeks (adding a safe decoder and doing a lot of fuzzing).
The format, however, might continue to change for some time because I want to push performance even further.
Which is great and please don't take this as me being critical of the approach you are taking. I think it's perfectly reasonable during early development have your compressed stream in flux.
I've been bitten in the past with other libs that weren't as explicit about their stability.
That is a bit too harsh. Not all applications require those guarantees. It’s fine if you can trust the inputs.
The inputs can never be trusted
If inputs are part of the application bundl3, they can be trusted as much as the code itself.