Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

validateImageData parameter and Image.FromStream()

I'm concerned about the third parameter in this overload, validateImageData. The documentation doesn't explain much about it, it only states that it causes the image data to be validated but no details, what exactly is done to validate the image data?

public static Image FromStream (
    Stream stream,
    bool useEmbeddedColorManagement,
    bool validateImageData
)

I want to use this in a web application, so, I want to know what exactly will happen if I set validateImageData to true, I want to be sure that what the user uploads is a valid image, is it recommended to set validateImageData to true or is it enough to catch the exception if one is thrown? Also, can setting validateImageData to true affect the performance in any way? (users can upload images up to 250k in size)

Thanks

like image 870
Waleed Eissa Avatar asked Jan 07 '09 13:01

Waleed Eissa


2 Answers

From Reflector, we see:

if (validateImageData)
{
    num = SafeNativeMethods.Gdip.GdipImageForceValidation(new HandleRef(null, zero));
    if (num != 0)
    {
        SafeNativeMethods.Gdip.GdipDisposeImage(new HandleRef(null, zero));
        throw SafeNativeMethods.Gdip.StatusException(num);
    }
}

So we see that GdipImageForceValidation is called (recall, System.Drawing is just a wrapper over GDI+). The documentation for this function isn't very good:

This function forces validation of the image.

Not very useful. However, the point is made - the image file is interrogated to ensure it is safe to load. This may cause the whole image to be loaded into memory.

If you are accepting inputs from users, I certainly would set this flag to true - you never know what kind of files (malformed or otherwise) users will upload. Better safe than sorry. This is why the default is true.

Note also that GDI+ is not recommended for server environments. You're better off using System.Windows.Media.Imaging.

like image 173
Frank Krueger Avatar answered Sep 24 '22 12:09

Frank Krueger


By perusing inside reflector you'll see that by default .NET always calls a native API in the GDI+ libraries named GdipImageForceValidation (which is by passing true for the validateImageData parameter). I can't find much out about the native API in MSDN, only this, which tells us no more than the name of the function itself. However, it appears that this method causes a performance degradation based on Justin Roger's post about loading images in the fastest possible way via .NET. It is also intuitive to expect that any "validation" step would take away from performance.

However, if you specify false for the validateImageData parameter, .NET will explicitly trigger an unmanaged code security demand, meaning the framework authors decided that forcing image validation was necessary in order to make the promise of managed code being safe, and ultimately being able to trust the data that the caller says represents an image. So while specifying flase for validateImageData may increase performance, in a less-than-full-trust security context, it may generate an exception, and you had better trust the data you think is an image.

like image 45
Scott Willeke Avatar answered Sep 21 '22 12:09

Scott Willeke