Re: [Tuxpaint-devel] [PATCH 2/2] Check for PNG valid image before reading metadata
An award-winning drawing program for children of all ages
Brought to you by:
wkendrick
From: Albert C. <aca...@gm...> - 2010-06-13 10:12:09
|
I don't think this is good. If we have to handle bad images, then we have to handle bad images that happen to have a fully normal 8-byte PNG signature. Thus, checking the signature is extra code that we don't need. If this is a code path that realistically could need to deal with untrusted image data, then effort should be focused on what happens when we actually try to process the image. Otherwise, it's an error that won't happen. Note that printing to stderr is not an appropriate way to handle any error that a kid could realistically encounter. Normal users will not see stderr at all, ever. |