Re: gdk-pixbuf external conversion?

[Owen Taylor <otaylor redhat com>]

Lauris Kaplinski <lauris@kaplinski.com> writes:

> On Sat, 17 Jun 2000, Ian McKellar wrote:
> 
> > On Sat, Jun 17, 2000 at 02:55:00PM +0200, Lauris Kaplinski wrote:
> > > 
> > > The screenshooter uses excellent application (convert?) to do all its
> > > conversion. IMHO something such should be semi-standard part of gnome
> > > itself, maybe as part of bigger file conversion framework.
> > 
> > No!
> > 
> > Down that path there is much pain and suffering. convert will sometimes
> > halt indefinately. It also doesn't solve the right problem. If we adopt
> > this then nobody will write loaders for gdk-pixbuf.
> 
> Yeh, but it is still nicer to have external app hanging, not library
> itself. For external app you can have nice fork + SIG_ALARM routine,
> saying nicely, if something went wrong.
> I think, there should be extensive quality checking, before adding
> loader to standard library - being loaded into app address space, these
> can take down whatever. External app can be isolated much more nicely.
> Also I see no reason populating gdk_pixbuf with tons of weird format
> loaders, almost nobody uses and certainly nobody is interested in
> maintaining. Yet the ability to read every available file format is
> excellent goal - so there certainly is space for on-the-fly external
> conversion utilities.
> If convert is evil, then it should fixed, or new converter written.

One thing that you have to be careful of is that image loaders can be
security holes - a buffer overflow in an image loader can make it
possible for a mail attachment or web page image to cause arbitrary
commands to be executed as a user.

This is as much a problem for external processes as shared processes
and using convert or netpbm suddenly broadens the range of code that
might be vulnerable.

Regards,
                                        Owen