16 Aug
2006
16 Aug
'06
4:40 p.m.
"I see where you're coming from - but I also
know that writing a TIFF
decoder is pretty straightforward; I wouldn't fancy doing the same
for >
either JPEG or PDF (not sure about PNG, but I get the impression
that > it's pretty simple in nature)."
Noooooo!!!!!
Don't do it. The problem with writing your own decoder is that you may
not have your own set of reference images, so testing it would be
'interesting'. This is the major cause of security issues in software
at the moment. All it takes is one case where you mis-handle input, and
you have introduced a vulnerability into your application.
Unfortunately, you can't work on the basis that image data is not
hostile any more.
That's what application libraries are for. Yes, they are larger that
rolling your own, but they are also more robust.