On Saturday, 18 June 2016 at 19:52:20 UTC, Observer wrote:
Not convinced?

no. i believe that it's all strongly overrated. don't run software with full access to your system, don't feed it with untrusted data, use sandboxes and such, etc. this is the way to go, not adding endless checks for all possible corner cases.

still, anyone is free to undo that: just replace all `\.ptr\b` with empty string -- and voila! all the bounds checking (and mind you, there is little, as many arrays are just malloc'ed anyway) is back. it's way easier to do than to put `.ptr` into vanilla code.

for my use cases `.ptr` access is ok: i prefer to leave bounds checking on for all builds, and manually escape it in the code when i feel that it is necessary.

in other words: i believe that validating data and loading/processing data should be separated. first validate all your jpegs with some tool, then use loaders to actually load and process 'em.

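The trade-off argued over in this post (default bounds-checked indexing versus `.ptr` access, with validation done as a separate pass before loading), sketched in D as an added example that is not code from the thread or from the library under discussion. The length-prefixed record format, the sample bytes and all function names are hypothetical.

```d
// Added example. Constructed format: [1-byte length n][n payload bytes], repeated.
import core.exception : RangeError;
import std.stdio : writeln;

// Validation pass: checks every length field against the buffer, reads no payload.
bool validate(const(ubyte)[] buf) @safe pure nothrow @nogc {
    size_t pos = 0;
    while (pos < buf.length) {
        size_t n = buf[pos];
        if (n > buf.length - pos - 1) return false; // payload would run past the end
        pos += 1 + n;
    }
    return true;
}

// Loader using normal indexing: a truncated record raises RangeError.
uint sumChecked(const(ubyte)[] buf) @safe {
    uint total = 0;
    for (size_t pos = 0; pos < buf.length; ) {
        size_t n = buf[pos++];
        foreach (size_t i; 0 .. n) total += buf[pos + i]; // bounds-checked
        pos += n;
    }
    return total;
}

// Loader that escapes the checks through .ptr: sound only if validate() passed.
uint sumUnchecked(const(ubyte)[] buf) @system {
    uint total = 0;
    auto p = buf.ptr;
    for (size_t pos = 0; pos < buf.length; ) {
        size_t n = p[pos++];
        foreach (size_t i; 0 .. n) total += p[pos + i];   // raw pointer, no check
        pos += n;
    }
    return total;
}

void main() {
    immutable ubyte[] good = [2, 10, 20, 1, 5]; // constructed sample
    immutable ubyte[] bad  = [2, 10, 20, 3, 5]; // constructed: last record claims 3 bytes, has 1
    assert(validate(good) && sumChecked(good) == 35 && sumUnchecked(good) == 35);
    assert(!validate(bad)); // rejected up front, so sumUnchecked never sees it
    // RangeError is an Error; it is caught here only to show that the check fired.
    try { cast(void) sumChecked(bad); }
    catch (RangeError e) { writeln("checked loader trapped the truncated record"); }
}
```

This assumes a default build; compiling with `-boundscheck=off` removes the check in `sumChecked` as well, leaving `validate` as the only guard.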