From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Richard Stallman Newsgroups: gmane.emacs.devel Subject: Re: C file recoginzed as image file Date: Sat, 06 Jan 2007 22:47:10 -0500 Message-ID: References: Reply-To: rms@gnu.org NNTP-Posting-Host: lo.gmane.org Content-Type: text/plain; charset=ISO-8859-15 X-Trace: sea.gmane.org 1168141831 22321 80.91.229.12 (7 Jan 2007 03:50:31 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Sun, 7 Jan 2007 03:50:31 +0000 (UTC) Cc: c.a.rendle@gmail.com, emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sun Jan 07 04:50:24 2007 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.50) id 1H3P39-00039B-Na for ged-emacs-devel@m.gmane.org; Sun, 07 Jan 2007 04:50:24 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1H3P39-0007kK-2T for ged-emacs-devel@m.gmane.org; Sat, 06 Jan 2007 22:50:23 -0500 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1H3P0T-00052j-U6 for emacs-devel@gnu.org; Sat, 06 Jan 2007 22:47:37 -0500 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1H3P0T-000526-7m for emacs-devel@gnu.org; Sat, 06 Jan 2007 22:47:37 -0500 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1H3P0S-00051m-Fl for emacs-devel@gnu.org; Sat, 06 Jan 2007 22:47:36 -0500 Original-Received: from [199.232.76.164] (helo=fencepost.gnu.org) by monty-python.gnu.org with esmtp (Exim 4.52) id 1H3P0S-0001rk-60 for emacs-devel@gnu.org; Sat, 06 Jan 2007 22:47:36 -0500 Original-Received: from rms by fencepost.gnu.org with local (Exim 4.60) (envelope-from ) id 1H3P02-0001mY-Ee; Sat, 06 Jan 2007 22:47:10 -0500 Original-To: Chris Moore In-reply-to: (message from Chris Moore on Sat, 06 Jan 2007 13:48:20 +0100) X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:64900 Archived-At: That's a big assumption to make. There have been many exploitable bugs in image libraries in recent years. Because of this, I wouldn't figure that a jpg file is safe to open, whereas I would figure that a C source file is safe to open. It would never have occurred to me to have doubts about opening a JPG file. I am sure the same is true of many Emacs users. If we believe that having Emacs display JPG files as images is dangerous, we had better make sure Emacs NEVER does so by default. For the long term, we could also make Emacs thoroughly validate the data of any JPG before calling the library to display it. That is too much change for right now, but we could do it after the release. > Besides which, a jpg file starts with characters that don't make any > sense at the start of a C file. So if it looks like a plausible C > file, it won't be treated as a jpeg. If it looks like a plausible C file to who? To anyone who knows C. The first two characters of a JPG file are character codes above 128, that would obviously be invalid in C. In the case I described all I've seen so far is the file's name so as far as I know it is a C source file. How did the data get into a file in the first place? Did it go through Emacs? Did you see the data before you saved it in a file? I never save data from a message in a file without seeing it, but perhaps you use a method.