validateImageData parameter and Image.FromStream()

Question

I\'m concerned about the third parameter in this overload, validateImageData. The documentation doesn\'t explain much about it, it only states that it causes the image data to b

Answer 1

By perusing inside reflector you'll see that by default .NET always calls a native API in the GDI+ libraries named GdipImageForceValidation (which is by passing true for the validateImageData parameter). I can't find much out about the native API in MSDN, only this, which tells us no more than the name of the function itself. However, it appears that this method causes a performance degradation based on Justin Roger's post about loading images in the fastest possible way via .NET. It is also intuitive to expect that any "validation" step would take away from performance.

However, if you specify false for the validateImageData parameter, .NET will explicitly trigger an unmanaged code security demand, meaning the framework authors decided that forcing image validation was necessary in order to make the promise of managed code being safe, and ultimately being able to trust the data that the caller says represents an image. So while specifying flase for validateImageData may increase performance, in a less-than-full-trust security context, it may generate an exception, and you had better trust the data you think is an image.