From: "Richard M. Stallman"
Newsgroups: gmane.emacs.devel
Subject: Re: image size limit?
Date: Wed, 12 Oct 2005 12:24:29 -0400
References: <87oe5v7q19.fsf@stupidchicken.com>
Reply-To: rms@gnu.org
Cc: emacs-devel@gnu.org
Original-To: Chong Yidong
In-reply-to: <87oe5v7q19.fsf@stupidchicken.com> (message from Chong Yidong on Tue, 11 Oct 2005 16:32:50 -0400)

    One place where we can set a limit is in x_create_x_image_and_pixmap,
    where we malloc a pixmap to store the image contents. The data
    supplied to us by the external library is copied into this pixmap.
    We could signal an error if width and height are too large.

    However, this seems like closing the barn door after the horses have
    left -- the external library will already have allocated a big chunk
    of memory.

Will it free that memory if Emacs decides to abort the operation?
If so, I think that still counts as a solution. If not, I think
it is a bug in the library--so we should ask them to fix it.

Meanwhile, if these libraries do not have the feature of limiting
the memory they can use, I think they ought to have it. That is a
necessary part of defending against invalid data.

A nonsensical image that swallows all of memory is the equivalent of a
denial-of-service attack. Good apps defend against that, and good
libraries should be designed to help apps defend against that.

Would you like to write to the developers of these libraries,
asking them nicely to add such a feature?
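
Added example, not part of the original message and not Emacs source: a sketch of the kind of width/height check discussed above, done before the pixel buffer is allocated and written so that the size computation cannot wrap. The function names, the status enum and the byte-budget parameter are all hypothetical.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical names throughout; this is not the Emacs implementation.  */
enum img_status { IMG_OK, IMG_BAD_DIMS, IMG_TOO_LARGE, IMG_NO_MEMORY };

/* Decide whether a width x height image with the given pixel size fits
   in max_bytes.  Division is used instead of multiplying first, so a
   hostile header cannot make the product wrap around to a small value.
   On IMG_OK, *out_size holds the buffer size in bytes.  */
enum img_status
image_size_check (int width, int height, size_t bytes_per_pixel,
                  size_t max_bytes, size_t *out_size)
{
  *out_size = 0;
  if (width <= 0 || height <= 0 || bytes_per_pixel == 0)
    return IMG_BAD_DIMS;

  size_t w = (size_t) width, h = (size_t) height;

  if (w > max_bytes / bytes_per_pixel)   /* one row already over budget */
    return IMG_TOO_LARGE;
  size_t row = w * bytes_per_pixel;      /* 0 < row <= max_bytes */
  if (h > max_bytes / row)               /* all rows over budget */
    return IMG_TOO_LARGE;

  *out_size = row * h;
  return IMG_OK;
}

/* Allocate the pixel buffer only after the check has passed, so an
   oversized image is rejected before any memory is requested.  */
enum img_status
image_alloc_checked (int width, int height, size_t bytes_per_pixel,
                     size_t max_bytes, void **out_buf, size_t *out_size)
{
  *out_buf = NULL;
  enum img_status st = image_size_check (width, height, bytes_per_pixel,
                                         max_bytes, out_size);
  if (st != IMG_OK)
    return st;
  *out_buf = malloc (*out_size);
  return *out_buf ? IMG_OK : IMG_NO_MEMORY;
}
```

This only bounds the buffer the application allocates itself; memory the decoding library has already allocated is outside its reach, which is the concern raised in the message.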