[vorbis-dev] Will Vorbis happily decode packets with random data?
Monty
xiphmont at xiph.org
Wed Aug 8 11:47:34 PDT 2001

On Wed, Aug 08, 2001 at 08:59:01AM -0700, Scott Manley wrote:
> I'm searching for a similar trick for checking files to be added to
> myplay.
>
> > If it will notice the problem, then I can check for valid Vorbisness by
> > decoding the file. If not, then I'll need to think of something else.
>
> Ummm - isn't this a bad idea if the file is designed to exploit a
> buffer overflow in the decoder? Unless your scanning server is running
> in a non-target environment?

Static buffers have been a known risk for 20 years and only lazy,
piss-poor programmers (the majority, I grant you) would write code
today that could be overrun. If you can find a buffer overrun in
Vorbis, a case of whatever brew you prefer is on me.
Monty
--- >8 ----
List archives: http://www.xiph.org/archives/
Ogg project homepage: http://www.xiph.org/ogg/
To unsubscribe from this list, send a message to 'vorbis-dev-request at xiph.org'
containing only the word 'unsubscribe' in the body. No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.
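
A bounds-checked pre-check for the "valid Vorbisness" question raised in this thread, as an added example that is not part of the original message and not Xiph code. It inspects only the first Ogg page (capture pattern, page CRC, Vorbis identification header) rather than decoding audio; the function names and the sample page bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint32_t le32(const unsigned char *p) {   /* caller checks bounds */
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Ogg page CRC: polynomial 0x04c11db7, MSB first, initial value 0,
   with the stored CRC field (bytes 22..25) counted as zero. */
static uint32_t ogg_crc(const unsigned char *p, size_t n) {
    uint32_t crc = 0;
    for (size_t i = 0; i < n; i++) {
        crc ^= (uint32_t)((i >= 22 && i < 26) ? 0 : p[i]) << 24;
        for (int k = 0; k < 8; k++)
            crc = (crc & 0x80000000u) ? (crc << 1) ^ 0x04c11db7u : crc << 1;
    }
    return crc;
}

/* 1 if buf begins with an Ogg page holding a well-formed Vorbis
   identification header, else 0. Each read is preceded by a check
   against len, so truncated or hostile input is rejected, not overrun. */
int vorbis_id_header_ok(const unsigned char *buf, size_t len) {
    if (len < 27 || memcmp(buf, "OggS", 4) != 0 || buf[4] != 0) return 0;
    if (!(buf[5] & 0x02)) return 0;              /* beginning-of-stream flag */
    size_t nseg = buf[26], hdr = 27 + nseg, body = 0;
    if (len < hdr) return 0;                     /* segment table truncated */
    for (size_t i = 0; i < nseg; i++) body += buf[27 + i];
    if (len - hdr < body) return 0;              /* page body truncated */
    if (le32(buf + 22) != ogg_crc(buf, hdr + body)) return 0;
    if (nseg != 1 || body != 30) return 0;       /* id packet: alone, 30 bytes */
    const unsigned char *id = buf + hdr;
    if (id[0] != 0x01 || memcmp(id + 1, "vorbis", 6) != 0) return 0;
    if (le32(id + 7) != 0) return 0;             /* vorbis_version */
    if (id[11] == 0 || le32(id + 12) == 0) return 0;   /* channels, rate */
    unsigned bs0 = id[28] & 0x0f, bs1 = id[28] >> 4;   /* log2 block sizes */
    if (bs0 < 6 || bs1 > 13 || bs0 > bs1) return 0;
    return id[29] & 1;                           /* framing bit */
}

int main(void) {
    unsigned char pg[58] = {'O','g','g','S', 0, 0x02};  /* constructed sample */
    pg[26] = 1; pg[27] = 30; memcpy(pg + 28, "\x01vorbis", 7);
    pg[39] = 2; pg[40] = 0x44; pg[41] = 0xac; pg[56] = 0xb8; pg[57] = 1;
    uint32_t c = ogg_crc(pg, sizeof pg);
    for (int i = 0; i < 4; i++) pg[22 + i] = (unsigned char)(c >> (8 * i));
    printf("%d %d\n", vorbis_id_header_ok(pg, 58), vorbis_id_header_ok(pg, 40));
    return 0;
}
```

A page that passes says nothing about the audio packets that follow it, so this narrows what reaches a full decoder rather than replacing one.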