validateImageData参数和Image.FromStream（） [英] validateImageData parameter and Image.FromStream()

问题描述

我很担心在这个过载，validateImageData第三个参数。文档没有解释太多关于它，它只是说，它使图像数据进行验证，但没有详细说明，究竟是为了验证图像数据？

I'm concerned about the third parameter in this overload, validateImageData. The documentation doesn't explain much about it, it only states that it causes the image data to be validated but no details, what exactly is done to validate the image data?

public static Image FromStream (
    Stream stream,
    bool useEmbeddedColorManagement,
    bool validateImageData
)

我想用这个Web应用程序，所以，我想知道如果我设置validateImageData为true，究竟会发生什么，我想肯定的是哪些用户上传是一个有效的图像，它是建议设置validateImageData为真还是不够，如果一个被抛出捕捉异常？此外，可以在设置validateImageData为true以任何方式影响性能？ （用户可以上传图片大小可达25万）

I want to use this in a web application, so, I want to know what exactly will happen if I set validateImageData to true, I want to be sure that what the user uploads is a valid image, is it recommended to set validateImageData to true or is it enough to catch the exception if one is thrown? Also, can setting validateImageData to true affect the performance in any way? (users can upload images up to 250k in size)

感谢

推荐答案

从反射镜，我们看到：

if (validateImageData)
{
    num = SafeNativeMethods.Gdip.GdipImageForceValidation(new HandleRef(null, zero));
    if (num != 0)
    {
        SafeNativeMethods.Gdip.GdipDisposeImage(new HandleRef(null, zero));
        throw SafeNativeMethods.Gdip.StatusException(num);
    }
}

所以我们看到， GdipImageForceValidation 是所谓的（回忆一下，System.Drawing中只是一个包装过GDI +）。这方面的文档的功能不是很好：

So we see that GdipImageForceValidation is called (recall, System.Drawing is just a wrapper over GDI+). The documentation for this function isn't very good:

此功能可强制验证的形象。

This function forces validation of the image.

不是非常有用。然而，该点是由 - 图像文件被询问，以确保它是安全的加载。这可能会导致整个图像被加载到存储器中。

Not very useful. However, the point is made - the image file is interrogated to ensure it is safe to load. This may cause the whole image to be loaded into memory.

如果您是从用户接受输入的，我肯定会将此标志设置为true - 你永远不知道什么样的文件（格式不正确或以其他方式）的用户会上传。有备无患。这就是为什么默认为真。

If you are accepting inputs from users, I certainly would set this flag to true - you never know what kind of files (malformed or otherwise) users will upload. Better safe than sorry. This is why the default is true.

还请注意，GDI +是的不可以推荐的服务器环境。你最好使用 System.Windows.Media.Imaging 。

Note also that GDI+ is not recommended for server environments. You're better off using System.Windows.Media.Imaging.

这篇关于validateImageData参数和Image.FromStream（）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！