[vorbis-dev] Will Vorbis happily decode packets with random data?
Segher Boessenkool
segher at chello.nl
Wed Aug 8 12:10:26 PDT 2001
Monty wrote:
>
> On Wed, Aug 08, 2001 at 08:59:01AM -0700, Scott Manley wrote:
> > I'm searching for a similar trick for checking files to be added to
> > myplay.
> >
> > > If it will notice the problem, then I can check for valid Vorbisness by
> > > decoding the file. If not, then I'll need to think of something else.
> >
> > Ummm - isn't this a bad idea if the files is designed to exploit a
> > buffer overflow in the decoder? Unless your scanning server is running
> > in a non-target environment?
>
> Static buffers have been a known risk for 20 years and only lazy,
> piss-poor programmers (the majority, I grant you) would write code
> today that could be overrun. If you can find a buffer overrun in
> Vorbis, a case of whatever brew you prefer is on me.
Is that a case per overrun? I take the challenge!
Segher
--- >8 ----
List archives: http://www.xiph.org/archives/
Ogg project homepage: http://www.xiph.org/ogg/
To unsubscribe from this list, send a message to 'vorbis-dev-request at xiph.org'
containing only the word 'unsubscribe' in the body. No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.
More information about the Vorbis-dev
mailing list