From: Richard Stallman <rms@gnu.org>
Cc: keramida@ceid.upatras.gr, dooglus@gmail.com,
c.a.rendle@gmail.com, Reiner.Steib@gmx.de, emacs-devel@gnu.org
Subject: Re: C file recoginzed as image file
Date: Mon, 15 Jan 2007 18:27:08 -0500
Message-ID: <E1H6bEK-0003ri-1W@fencepost.gnu.org>
In-Reply-To: <jwvfyadksa9.fsf-monnier+emacs@gnu.org> (message from Stefan Monnier on Sun, 14 Jan 2007 20:14:43 -0500)

> The bug in the lib may be triggered by a valid file (typically: valid but
> with some parameters much larger than expected). There's no evidence that
> our validation code wouldn't be itself vulnerable to various attacks

If the checking code is thorough, checking every datum for validity
before using its value, then it will not be vulnerable. The reason
the libraries have vulnerabilities is that their authors are thinking
about displaying a valid image, rather than detecting an invalid one.

The point about failures on valid images is a valid point, but I don't
see what we can do about it at this level. Perfection is not
attainable. Anyway, those bugs are likely to be found and fixed
because they would fail on real images.
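
Added example, not part of the original message and not Emacs code: a header check of the kind discussed above, shown for PNG, where every IHDR field is range-checked before its value is used and a valid but oversized image is refused before any size arithmetic. The MAX_DIM limit, the function names and the sample bytes are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_DIM 16384u  /* example policy limit (assumption); PNG allows 2^31-1 */
enum png_check { PNG_OK, PNG_TRUNCATED, PNG_BAD_SIG, PNG_BAD_IHDR,
                 PNG_BAD_DIM, PNG_BAD_FORMAT };
static const unsigned char PNG_SIG[8] = {0x89,'P','N','G','\r','\n',0x1a,'\n'};
/* Constructed sample: signature + IHDR for 640x480, 8-bit RGB, CRC zeroed. */
static const unsigned char PNG_SAMPLE[33] = {
    0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n', 0, 0, 0, 13, 'I', 'H', 'D', 'R',
    0, 0, 0x02, 0x80, 0, 0, 0x01, 0xE0, 8, 2, 0, 0, 0, 0, 0, 0, 0 };

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Every IHDR field is range-checked before use; CRC checking is omitted. */
enum png_check png_check_header(const unsigned char *buf, size_t len,
                                uint64_t *pixel_bytes)
{
    if (len < 33) return PNG_TRUNCATED;  /* 8 sig + 8 len/type + 13 + 4 CRC */
    if (memcmp(buf, PNG_SIG, 8) != 0) return PNG_BAD_SIG;
    if (be32(buf + 8) != 13 || memcmp(buf + 12, "IHDR", 4) != 0)
        return PNG_BAD_IHDR;
    uint32_t w = be32(buf + 16), h = be32(buf + 20);
    if (w == 0 || h == 0 || w > MAX_DIM || h > MAX_DIM) return PNG_BAD_DIM;
    unsigned depth = buf[24], channels, allowed;  /* allowed: OR of legal depths */
    switch (buf[25]) {                            /* colour type */
    case 0: channels = 1; allowed = 1|2|4|8|16; break;
    case 2: channels = 3; allowed = 8|16; break;
    case 3: channels = 1; allowed = 1|2|4|8; break;
    case 4: channels = 2; allowed = 8|16; break;
    case 6: channels = 4; allowed = 8|16; break;
    default: return PNG_BAD_FORMAT;
    }
    if (depth == 0 || (depth & (depth - 1)) || !(depth & allowed))
        return PNG_BAD_FORMAT;           /* depth must be one legal power of two */
    if (buf[26] != 0 || buf[27] != 0 || buf[28] > 1) return PNG_BAD_FORMAT;
    /* Inputs are bounded (w,h <= 16384, channels*depth <= 64): no overflow. */
    *pixel_bytes = (((uint64_t)w * channels * depth + 7) / 8) * h;
    return PNG_OK;
}

int main(void)
{
    uint64_t n;
    return png_check_header(PNG_SAMPLE, sizeof PNG_SAMPLE, &n) != PNG_OK;
}
```

The dimension cap also rejects some files that are valid PNGs, which is the trade-off raised in the quoted text.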