From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: "Stephen J. Turnbull" Newsgroups: gmane.emacs.devel Subject: Re: Rant - Emacs mail is not user friendly Date: Sat, 22 Nov 2014 14:41:29 +0900 Message-ID: <87bnnzu706.fsf@uwakimon.sk.tsukuba.ac.jp> References: <871tp4wut1.fsf@uwakimon.sk.tsukuba.ac.jp> <87mw7qvign.fsf@uwakimon.sk.tsukuba.ac.jp> <87bno5ulbu.fsf@uwakimon.sk.tsukuba.ac.jp> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 X-Trace: ger.gmane.org 1416634934 28145 80.91.229.3 (22 Nov 2014 05:42:14 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sat, 22 Nov 2014 05:42:14 +0000 (UTC) Cc: kelly@prtime.org, Richard Stallman , emacs-devel@gnu.org To: Stefan Monnier Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sat Nov 22 06:42:08 2014 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Xs3SQ-0002a8-SV for ged-emacs-devel@m.gmane.org; Sat, 22 Nov 2014 06:42:07 +0100 Original-Received: from localhost ([::1]:43885 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xs3SH-0007kB-DW for ged-emacs-devel@m.gmane.org; Sat, 22 Nov 2014 00:41:57 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:49107) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xs3Ry-0007ju-MX for emacs-devel@gnu.org; Sat, 22 Nov 2014 00:41:46 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Xs3Rr-0004Ij-4H for emacs-devel@gnu.org; Sat, 22 Nov 2014 00:41:38 -0500 Original-Received: from shako.sk.tsukuba.ac.jp ([130.158.97.161]:48029) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xs3Rq-0004Ib-RK; Sat, 22 Nov 2014 00:41:31 -0500 Original-Received: from uwakimon.sk.tsukuba.ac.jp (uwakimon.sk.tsukuba.ac.jp [130.158.99.156]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by shako.sk.tsukuba.ac.jp (Postfix) with ESMTPS id 025C11C39FF; Sat, 22 Nov 2014 14:41:30 +0900 (JST) Original-Received: by uwakimon.sk.tsukuba.ac.jp (Postfix, from userid 1000) id EBFFC1A2892; Sat, 22 Nov 2014 14:41:29 +0900 (JST) In-Reply-To: X-Mailer: VM undefined under 21.5 (beta34) "kale" acf1c26e3019 XEmacs Lucid (x86_64-unknown-linux) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 130.158.97.161 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:177966 Archived-At: Stefan Monnier writes: > That's nice, but some security bugs strike even when faced with > a correct/valid JPG file. What we need to validate is the libjpeg code, > not the JPG files. No, you need to validate both. If the input is invalid, anything can happen. Viz, X.org, whose libraries do no validation at all (and whose restrictions are typically undocumented)!