On Wed, Aug 29, 2001 at 07:58:52AM -0500, Kelly Martin wrote:
> In my opinion, a library which crashes when fed inappropriate external
> data is buggy by definition.

Let's be more specific:

Does the GTK+ UTF8 implementation meet the requirements for security
purposes laid down in Unicode 3.0.1 and later ?

How about other security considerations? Please don't reply with a cop
out like "The application has to handle this", that's equivalent to
saying "We needn't fix the bug because there's a known workaround".

Conservative implementation is essential here for robustness AND security.

Gimp-developer mailing list

Reply via email to