Re: Are WAV files dangerous?

From: Lassi Hippeläinen (lahippel_at_ieee.orgies.invalid)
Date: 08/17/04


Date: Tue, 17 Aug 2004 11:09:32 GMT

Bill Unruh wrote:

> The question is how tightly the standards constrain the file.

No. The question is what happens when the file doesn't conform to the
standard. A parser shouldn't crash at the first non-conformance. It
should be robust enough to either ignore the errors or reject the data.

Many exploits discovered by the PROTOS test suite (including SNMP
implementations!) were holes left by too trusting programmers.

-- Lassi
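The behaviour asked for above, as an added example that is not part of the original post: a small WAV chunk walker in C that ignores chunks it does not know and rejects a file whose declared lengths or format fields do not hold up, without reading outside the buffer. The names `wav_parse` and `struct wav_info`, the PCM-only policy and the sample bytes are assumptions made for this illustration.

```c
#include <stdint.h>
#include <string.h>

enum { WAV_OK = 0, WAV_REJECT = -1, SAMPLE_LEN = 60 };
struct wav_info { uint16_t channels, bits; uint32_t rate, data_len; const uint8_t *data; };

/* Constructed 60-byte sample: unknown "LIST" chunk, then "fmt ", then "data". */
static const uint8_t SAMPLE[] =
    "RIFF" "\x34\0\0\0" "WAVE" "LIST" "\4\0\0\0" "abcd"
    "fmt " "\x10\0\0\0" "\1\0" "\1\0" "\x40\x1F\0\0" "\x80\x3E\0\0" "\2\0" "\x10\0"
    "data" "\4\0\0\0" "\1\2\3\4";

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Walk the RIFF chunks; every declared length is checked against the bytes present. */
int wav_parse(const uint8_t *buf, size_t len, struct wav_info *out)
{
    size_t off = 12;
    int have_fmt = 0;
    memset(out, 0, sizeof *out);
    if (len < 12 || memcmp(buf, "RIFF", 4) || memcmp(buf + 8, "WAVE", 4))
        return WAV_REJECT;                       /* not a WAV container at all */
    while (len - off >= 8) {                     /* off <= len is a loop invariant */
        const uint8_t *body = buf + off + 8;
        uint32_t sz = rd32(buf + off + 4);
        if (sz > len - off - 8)
            return WAV_REJECT;                   /* chunk claims more than the file holds */
        if (!memcmp(buf + off, "fmt ", 4)) {
            if (sz < 16 || rd16(body) != 1)      /* policy assumed here: plain PCM only */
                return WAV_REJECT;
            out->channels = rd16(body + 2);
            out->rate = rd32(body + 4);
            out->bits = rd16(body + 14);
            if (!out->channels || !out->rate || (out->bits != 8 && out->bits != 16))
                return WAV_REJECT;
            have_fmt = 1;
        } else if (!memcmp(buf + off, "data", 4)) {
            if (!have_fmt) return WAV_REJECT;    /* samples before a format: reject */
            out->data = body; out->data_len = sz;
            return WAV_OK;
        }                                        /* any other chunk id is ignored */
        off += 8 + (size_t)sz;
        if ((sz & 1) && off < len) off++;        /* RIFF pads odd-sized chunks */
    }
    return WAV_REJECT;                           /* ran out of input without "data" */
}

int main(void) { struct wav_info w; return wav_parse(SAMPLE, SAMPLE_LEN, &w) != WAV_OK; }
```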


