[vorbis-dev] Will Vorbis happily decode packets with random data?
Martin C. Martin
martin at metahuman.org
Wed Aug 8 09:28:09 PDT 2001
On Wed, 8 Aug 2001, Scott Manley wrote:
> > If it will notice the problem, then I can check for valid Vorbisness by
> > decoding the file. If not, then I'll need to think of something else.
>
> Ummm - isn't this a bad idea if the files is designed to exploit a
> buffer overflow in the decoder? Unless your scanning server is running
> in a non-target environment?
I'm assuming the decoder doesn't have any bugs that can be exploited in
this way. I'm writing a Vorbis downloader for Unreal Tournament, and
the danger is that some of the other functionality in UT can be used to
extract, then run, a portion of a downloaded file. It's a remote
possibility, but I'd make a lot of people happy if i could say "there's
no executable code in this file longer than 16 bytes."
- Martin
--- >8 ----
List archives: http://www.xiph.org/archives/
Ogg project homepage: http://www.xiph.org/ogg/
To unsubscribe from this list, send a message to 'vorbis-dev-request at xiph.org'
containing only the word 'unsubscribe' in the body. No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.
More information about the Vorbis-dev
mailing list