On Saturday, 18 June 2016 at 19:52:20 UTC, Observer wrote:
no. i believe that it's all strongly overrated. don't run
software with full access to your system, don't feed it with
untrusted data, use sandboxes and such, etc. this is the way to
go, not adding endless checks for all possible corner cases.
still, anyone is free to undo that: just replace all `\.ptr\b`
with empty string -- and voila! all the bounds checking (and mind
you, there is little, as many arrays are just malloc'ed anyway)
is back. it's way easier to do than to put `.ptr` into vanilla
for my use cases `.ptr` access is ok: i prefer to leave bounds
checking on for all builds, and manually escape it in the code
when i feel that it is necessary.
in other words: i believe that validating data and
loading/processing data should be separated. first validate all
your jpegs with some tool, then use loaders to actually load and