llabeyrie/Juicepyter
1
0
Fork 0
Code Issues 14 Pull Requests Activity

Missing validation of generated image before saving in prompt_to_card_pipeline.py #14

New Issue
Open
opened 2026-03-19 17:31:05 +00:00 by llabeyrie · 0 comments
llabeyrie commented 2026-03-19 17:31:05 +00:00
Owner
Copy Link

Description

In prompt_to_card_pipeline.py lines 230-242, the image generation result is used without sufficient validation:

result = self._pipe(conditioning, ...)

if not hasattr(result, "images") or not result.images:
    raise RuntimeError(...)

image = result.images[0]          # could still fail
if save_path:
    output_file = Path(save_path).resolve()
    output_file.parent.mkdir(parents=True, exist_ok=True)
    image.save(str(output_file))  # no error handling

Problems

  • result.images[0] could raise IndexError if images is an empty-like object that passes the truthiness check
  • No validation that image is actually a PIL Image before calling .save()
  • No exception handling for .save() failures (disk full, permission denied, invalid path)
  • No check that the saved file actually exists and has non-zero size after writing

Fix

Add explicit type check and wrap save in try/except:

from PIL import Image as PILImage

if not isinstance(image, PILImage.Image):
    raise TypeError(f"Expected PIL Image, got {type(image)}")

try:
    image.save(str(output_file))
except (OSError, IOError) as e:
    raise RuntimeError(f"Failed to save image to {output_file}: {e}") from e
## Description In `prompt_to_card_pipeline.py` lines 230-242, the image generation result is used without sufficient validation: ```python result = self._pipe(conditioning, ...) if not hasattr(result, "images") or not result.images: raise RuntimeError(...) image = result.images[0] # could still fail if save_path: output_file = Path(save_path).resolve() output_file.parent.mkdir(parents=True, exist_ok=True) image.save(str(output_file)) # no error handling ``` ### Problems - `result.images[0]` could raise `IndexError` if images is an empty-like object that passes the truthiness check - No validation that `image` is actually a PIL Image before calling `.save()` - No exception handling for `.save()` failures (disk full, permission denied, invalid path) - No check that the saved file actually exists and has non-zero size after writing ### Fix Add explicit type check and wrap save in try/except: ```python from PIL import Image as PILImage if not isinstance(image, PILImage.Image): raise TypeError(f"Expected PIL Image, got {type(image)}") try: image.save(str(output_file)) except (OSError, IOError) as e: raise RuntimeError(f"Failed to save image to {output_file}: {e}") from e ```
llabeyrie added the bugpriority: medium labels 2026-03-19 17:31:49 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
Potential bugs and logic errors
 code-quality
Code quality, duplication, inconsistent patterns
 dependencies
Dependency management issues
 documentation
Documentation improvements
 performance
Performance and efficiency improvements
 priority: critical
Must fix — blocks core functionality
 priority: high
Important — affects reliability or security
 priority: low
Nice to have — polish and optimization
 priority: medium
Should fix — improves quality and maintainability
 structure
Project structure and organization
 testing
Missing or insufficient tests
 tooling
Tooling, CI/CD, developer experience
No Label bug priority: medium
Milestone
No items
No Milestone
Assignees
Clear assignees
llabeyrie
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: llabeyrie/Juicepyter#14
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?