On Friday, 17 June 2016 at 14:20:14 UTC, ketmar wrote:
ah, i also put `.ptr` to array access to skip bounds checking -- i love to build my code with bounds checking on, and i don't feel that i need it in this decoder -- it should be fairly well-tested.
This statement stands out as a problem. There are lots of security notices out there that refer to media-decoding problems. Remember, in the context of image decoding, you're often handling untrusted data from external sources. The security notices often talk about "carefully crafted" files; here's just one simple example:

http://www.videolan.org/security/sa0702.html

Here are a couple more, regarding the infamous Adobe Flashplayer:

https://hackerone.com/reports/30567
https://hackerone.com/reports/36279

Not convinced? Let's not stop there; let's look specifically at what has happened with JPEG in the past, such as:

http://download.oracle.com/sunalerts/1000310.1.html
http://www.theregister.co.uk/2004/09/24/jpeg_exploit_toolkit/

You need to think not just about your own code, but also about the overall environment in which it will operate.
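To make the trade-off concrete, here is an added D example (not ketmar's decoder, not code from this thread): a hypothetical decoder step reads a length field from a constructed header that claims more payload than is present, and the same loop is shown with bounds-checked indexing, with `.ptr` indexing, and with explicit validation of the untrusted length.

```d
import std.stdio;
import core.exception : RangeError;

// Constructed input: a 16-bit big-endian length field claiming 64 bytes
// of payload, followed by only 4 bytes of actual data.
immutable ubyte[] crafted = [0x00, 0x40, 0xDE, 0xAD, 0xBE, 0xEF];

// Hypothetical decoder step: sum the payload bytes the header claims follow.
uint sumChecked(const(ubyte)[] buf)
{
    uint len = (buf[0] << 8) | buf[1];
    uint acc = 0;
    foreach (i; 0 .. len)
        acc += buf[2 + i];      // bounds-checked: throws RangeError on the crafted input
    return acc;
}

// Same loop with .ptr: the check is gone, so the loop reads past the slice.
// Note that -release / -boundscheck=off removes the check from sumChecked too
// in non-@safe code, so the "checked" version is only safe under default builds.
uint sumUnchecked(const(ubyte)[] buf)
{
    uint len = (buf[0] << 8) | buf[1];
    uint acc = 0;
    foreach (i; 0 .. len)
        acc += buf.ptr[2 + i];  // silently reads out of bounds for crafted input
    return acc;
}

// Hardened variant: validate the untrusted length before trusting it,
// which stays correct whether or not the compiler's bounds check is on.
uint sumValidated(const(ubyte)[] buf)
{
    if (buf.length < 2) throw new Exception("truncated header");
    uint len = (buf[0] << 8) | buf[1];
    if (len > buf.length - 2) throw new Exception("length field exceeds data");
    uint acc = 0;
    foreach (i; 0 .. len)
        acc += buf[2 + i];
    return acc;
}

void main()
{
    try { sumChecked(crafted); }
    catch (RangeError e) writeln("checked: caught ", e.msg);
    try { sumValidated(crafted); }
    catch (Exception e) writeln("validated: rejected, ", e.msg);
    // sumUnchecked(crafted) is not called: it would read beyond the buffer.
}
```

The point for a decoder fed external files is that the explicit check in `sumValidated` is the only one of the three that does not depend on build flags.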