fixing gdk-pixbuf image loaders


For GTK 2.0 we want the pixbuf image loaders to be robust against
corrupt image data. At the moment, some of them are completely broken
("gee, I have a number from the network - let's dereference this array
with it!").

All gdk-pixbuf image loading should result in either a reported
GError, or a valid GdkPixbuf.

If the GTK team has to audit/fix the loaders ourselves, you can
basically expect that the more obscure loaders will be dropped from
the release. e.g. the Windows bitmap loader, the Sun RAS loader, the
ICO loader all seem to be based on the same cut-and-pasted code, and
none of them are doing sanity checks on the incoming image data. Even
the loaders that are more sane (PNG, GIF, etc.) are going to require
some audit work, so we'll be focusing on those and simply removing the
obscure stuff from the build.

Unless, of course, we get some helpful assistance! ;-) Please, let's
fix this so Evolution, GtkHTML, etc. can display images with
confidence. You wouldn't want an image received via email to delete
your home directory contents, would you?

Fixes should be merged to gdk-pixbuf 1.0 in the stable branch as well,
though errors can't actually be reported using that API. In my
experience it's simpler to write the code with error reporting in the
GTK tree, then backport to gdk-pixbuf stable, because it's easier to
remove error reporting than add it. But feel free to work from either
codebase, as long as the fixes get synced to the other one.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]