1. 24 Oct, 2013 1 commit
    • Philip Withnall's avatar
      tests: Add tests for the thumbnail verification code in GIO · fcd2f7e6
      Philip Withnall authored
      This code was added for use by the G_FILE_ATTRIBUTE_THUMBNAIL_IS_VALID
      file attribute, but may end up being used elsewhere (e.g. in GVfs) as well.
      As it’s dealing with untrusted external files, and the non-trivial PNG file
      format, this commit adds several test cases to cover valid and invalid PNG
      files.
      
      The security model for the thumbnail verification code is that the user’s
      cache directory is untrusted, and potentially any PNG file which is passed
      to the verifier has been manipulated arbitrarily by an attacker.
      
      This is a follow-up to commit fe706974.
      
      https://bugzilla.gnome.org/show_bug.cgi?id=709898
      fcd2f7e6