GNOME Bugzilla – Bug 721372
consider reducing number of supported file formats
Last modified: 2018-05-22 13:15:35 UTC
gdk-pixbuf supports quite a lot of ancient and obscure file formats, often with hand-rolled loader routines which contain long-undiscovered bugs (see bug 721371 for an example just now). This is a massive surface area for attack and I would be surprised if we have several security issues in some of these loaders. We should consider making a list of the image formats that we actually care to support and disable (and possibly delete) the others by default. File formats that are supported by external libraries (written by people who presumably care about them) are good ones for keeping and are also popular: png, jpeg, tiff. It's probably worth keeping .ico and .gif since these are widely used on the web. .bmp is probably still somewhat common as well. .icns is in active use on the mac. xpm/xbm/pnm are maybe interesting from the standpoint that some old unix tools still output these formats and they're very easy to read. wbmp, tga, ras, qtif, pcx, ani... these are probably prime candidates for being removed.
OK. I see that .ani is probably useful to keep -- animated cursor file on Windows.
If you consider just the loaders that are needed for regular operation for GTK+ apps, then sure, png, svg are enough. If you include background handling in the shell, add jpg and you're good. But currently apps like eog or gthumb use gdk-pixbuf and expect it to be able to open any image, more or less.
We could move all the loaders into a separate repository — e.g. gdk-pixbuf-loaders-bad — and ask distributions to pick them up separately in the same way they do for gstreamer plugins.
I have now dropped wbmp, ras, and pcx - those were truly fringe formats.
Created attachment 312134 (gdk-pixbuf-io.c: Don't include dropped loaders). Hi, I have removed the INCLUDE_xxx for the RAS, PCX and WBMP loaders from the Visual Studio project files as not doing so would cause linker errors, in commit db2d843. I thought maybe the dropped formats should be removed from gdk-pixbuf-io.c as well, so that people defining these build macros somehow won't fall into build problems. With blessings, thank you!
Thanks, I've done that now
-- GitLab Migration Automatic Message -- This bug has been migrated to GNOME's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/gdk-pixbuf/issues/40.