On Friday, 17 June 2016 at 14:20:14 UTC, ketmar wrote:
> ah, i also put `.ptr` to array access to skip bounds checking
> -- i love to build my code with bounds checking on, and i don't
> feel that i need it in this decoder -- it should be fairly
> well-tested.
This statement stands out as a problem. There are lots of security
notices out there that refer to media-decoding problems. Remember,
in the context of image decoding, you're often handling untrusted
data from external sources. The security notices often talk about
"carefully crafted" files; here's just one simple example:
http://www.videolan.org/security/sa0702.html
Here are a couple more, regarding the infamous Adobe Flashplayer:
https://hackerone.com/reports/30567
https://hackerone.com/reports/36279
Not convinced? Let's not stop there; let's look specifically at
what has happened with JPEG in the past, such as:
http://download.oracle.com/sunalerts/1000310.1.html
http://www.theregister.co.uk/2004/09/24/jpeg_exploit_toolkit/
You need to think not just about your own code, but also about the
overall environment in which it will operate.
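The failure mode under discussion, as an added illustration that is not ketmar's decoder and not code posted in this thread: a toy "image" format whose pixel bytes are indices into a palette. The format, the 4-entry palette and both input files are constructed for the example. With ordinary slice indexing, a crafted index is caught by D's bounds check and throws `RangeError`; with `.ptr` the same index silently reads past the end of the palette.

```d
// Added example, not code from the thread. Toy format (constructed):
//   byte 0      = pixel count N
//   bytes 1..N  = palette indices, one per pixel
// The palette is fixed at 4 entries for this illustration.
import std.stdio;
import core.exception : RangeError;

immutable ubyte[4] palette = [0x11, 0x22, 0x33, 0x44];

// Checked decode: an index >= palette.length throws RangeError
// (as long as the build keeps bounds checks on, i.e. not -release).
ubyte[] decodeChecked(const(ubyte)[] file)
{
    if (file.length == 0) throw new Exception("empty file");
    size_t n = file[0];
    if (file.length < 1 + n) throw new Exception("truncated pixel data");
    auto outp = new ubyte[n];
    foreach (i; 0 .. n)
        outp[i] = palette[file[1 + i]];   // bounds-checked access
    return outp;
}

// "Fast" decode in the style the quoted post describes: taking .ptr
// turns the palette into a raw pointer, so no bounds check is emitted
// and a crafted index reads whatever memory follows the palette.
ubyte[] decodeUnchecked(const(ubyte)[] file)
{
    if (file.length == 0) throw new Exception("empty file");
    size_t n = file[0];
    if (file.length < 1 + n) throw new Exception("truncated pixel data");
    auto outp = new ubyte[n];
    immutable(ubyte)* pal = palette.ptr;
    foreach (i; 0 .. n)
        outp[i] = pal[file[1 + i]];       // no bounds check: OOB read
    return outp;
}

void main()
{
    // Constructed inputs: a well-formed file, and a crafted one whose
    // last index (200) is far beyond the 4-entry palette.
    ubyte[] good    = [3, 0, 1, 2];
    ubyte[] crafted = [3, 0, 1, 200];

    writeln("checked, good:      ", decodeChecked(good));
    writeln("unchecked, good:    ", decodeUnchecked(good));

    try
        writeln("checked, crafted:   ", decodeChecked(crafted));
    catch (RangeError e)
        writeln("checked, crafted:   RangeError (bad index rejected)");

    // Undefined contents: this is the out-of-bounds read that the
    // "carefully crafted file" advisories above are about.
    writeln("unchecked, crafted: ", decodeUnchecked(crafted));
}
```

Two checks worth keeping in mind when reviewing a decoder like this: building with `-release` removes the bounds checks from `decodeChecked` as well, so the checked version is only safe on untrusted input if the release build keeps them (`-boundscheck=on`); and marking the function `@safe` makes the compiler reject the `pal[...]` pointer indexing outright, which is a cheap way to make sure a `.ptr` shortcut cannot creep into code that parses external data.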