Re: C file recognized as image file

From: Richard Stallman
Subject: Re: C file recognized as image file
Date: Mon, 15 Jan 2007 18:27:08 -0500

> The bug in the lib may be triggered by a valid file (typically: valid but
> with some parameters much larger than expected). There's no evidence that
> our validation code wouldn't be itself vulnerable to various attacks

If the checking code is thorough, checking every datum for validity
before using its value, then it will not be vulnerable. The reason
the libraries have vulnerabilities is that their authors are thinking
about displaying a valid image, rather than detecting an invalid one.

The point about failures on valid images is a valid point, but I don't
see what we can do about it at this level. Perfection is not
attainable. Anyway, those bugs are likely to be found and fixed
because they would fail on real images.
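
An added illustration of "checking every datum for validity before using its value", applied to a PNG signature and IHDR chunk; this code is not part of the original message or of Emacs. The function name `png_header_check` and the limits `MAX_DIM` and `MAX_BYTES` are assumptions chosen for the example, and the chunk CRC is not verified.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_DIM   16384u                 /* assumed policy limit per side */
#define MAX_BYTES (256u * 1024u * 1024u) /* assumed cap on decoded size */

static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns 0 and stores the decoded pixel-data size in *out if the signature
   and IHDR fields are all acceptable; a negative code names the first
   failed check. No field is used before it has been range-checked. */
int png_header_check(const unsigned char *buf, size_t len, uint64_t *out) {
    static const unsigned char sig[8] = {0x89,'P','N','G','\r','\n',0x1a,'\n'};
    if (!buf || !out || len < 8 + 8 + 13) return -1;   /* too short for IHDR */
    if (memcmp(buf, sig, 8) != 0) return -2;           /* wrong magic */
    if (be32(buf + 8) != 13 || memcmp(buf + 12, "IHDR", 4) != 0) return -3;
    uint32_t w = be32(buf + 16), h = be32(buf + 20);
    unsigned depth = buf[24], color = buf[25], channels, ok;
    if (w == 0 || h == 0 || w > MAX_DIM || h > MAX_DIM) return -4;
    switch (color) {                 /* ok = bitmask of legal bit depths */
    case 0: channels = 1; ok = 1|2|4|8|16; break;      /* grayscale */
    case 2: channels = 3; ok = 8|16;       break;      /* RGB */
    case 3: channels = 1; ok = 1|2|4|8;    break;      /* palette */
    case 4: channels = 2; ok = 8|16;       break;      /* gray + alpha */
    case 6: channels = 4; ok = 8|16;       break;      /* RGBA */
    default: return -5;
    }
    if (depth == 0 || (depth & (depth - 1)) || !(depth & ok)) return -6;
    if (buf[26] != 0 || buf[27] != 0 || buf[28] > 1) return -7;
    /* 64-bit math cannot wrap here: w, h <= 16384 and channels*depth <= 64 */
    uint64_t total = (((uint64_t)w * channels * depth + 7) / 8) * h;
    if (total > MAX_BYTES) return -8;
    *out = total;
    return 0;
}
/* Constructed sample: signature + IHDR for a 640x480 8-bit RGB image. */
static const unsigned char sample[29] = {
    0x89,'P','N','G','\r','\n',0x1a,'\n', 0,0,0,13, 'I','H','D','R',
    0,0,2,0x80, 0,0,1,0xE0, 8, 2, 0, 0, 0 };

int main(void) {
    uint64_t n = 0;
    int rc = png_header_check(sample, sizeof sample, &n);
    printf("rc=%d bytes=%llu\n", rc, (unsigned long long)n);
    return 0;
}
```

The size cap is where a header that is well-formed but "much larger than expected" gets rejected, before any allocation is sized from it.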