On Tue, 11 Sep 2018 00:07:27 +0200 Bastien Nocera <had...@hadess.net> wrote:
> On Mon, 2018-09-10 at 22:29 +0200, Magnus Bergman wrote: > > On Mon, 10 Sep 2018 11:31:42 +0200 > > Bastien Nocera <had...@hadess.net> wrote: > > > > I do use a library (or two). I've written one plugin that uses > > giflib and one that uses ImageMagick. I assumed using giflib would > > be a straighter path, but it wasn't. Firstly it only supports > > reading images > > from disk (but abydos automatically creates temporary files then > > needed > > so that didn't add any extra code at least). Secondly it doesn't do > > much more than unpacking the pixels. How to interpret what comes out > > is > > left as an exercise for the user, and requires a bit of knowledge > > about > > the GIF formats and it's quirks. So that plugin isn't built by > > default. > > ImageMagick on the other hand did much more to be of help, and > > required > > far less code to use. So shifting the responsibility to ImageMagick > > seems reasonable, I think. > > No, it really isn't: > https://www.cvedetails.com/vulnerability-list/vendor_id-1749/Imagemagick.html > > We want to have less CVEs, not more. I see what you mean. A few of them (although none of the more serious ones) were even related to the GIF loader specifically. But the sheer volume kind of speaks for itself otherwise. :( > > I tested them both on all the GIF images included in the gdk-pixbuf > > test suit. Both plugins mostly work, but to varying degree. The one > > based on giflib segfaults with 1_partyanimsm2.gif (because the > > allocation containing the pixels which giflib provides is less than > > the > > images width x height, I haven't yet looked deeper into it). The > > ImageMagick based plugin on the other doesn't crash at least, and > > all the invalid images are correctly classified as invalid. The > > image 1_partyanimsm2.gif still shows as garbage except the first > > frame. The image aero.gif has the frame delay set to zero for every > > frame but the > > first. I'm not sure how that should be interpreted, so I simply > > exchanged zero values for a small delay (0.02 seconds). I will read > > up > > on the GIF format and hopefully get things working better. > > > > It's available here if you want to try it out: > > http://snisurset.net/code/abydos/ > > Having looked at giflib, and knowing the author, the current plan > still is to have something based on libnsgif in the future. I guess I'll write a third GIF plugin based libnsgif then. _______________________________________________ gtk-devel-list mailing list gtk-devel-list@gnome.org https://mail.gnome.org/mailman/listinfo/gtk-devel-list
