LibTiff Mailing List

On 30-Apr-09, at 3:12 PM, Albert Cahalan wrote:

> On Thu, Apr 30, 2009 at 9:58 AM, Toby Thain  
> <toby@telegraphics.com.au> wrote:
>
>> There must be a lot of code out there that assumes good input. And  
>> if you're
>> writing a quick hack, not a general purpose library, you might  
>> choose to do
>
> Sure. This being the tiff mailing list, it's reasonable to assume
> that this code is going into something, possibly libtiff itself,
> that needs to deal with files from random sources.
>
>> (Relying on memory protection to save you is not a portable  
>> strategy, so
>> again unsuitable for a general purpose library.)
>
> You may imagine that you are so much more capable than
> the people at Microsoft, Adobe, Apple... and so you NEVER
> make a mistake that could result in a buffer overflow...

Of course not.

>
> At the very least, you can have an #ifdef to enable memory
> protection on platforms that can support it. Windows and
> all the typical UNIX-like systems offer this.

They offer it for processes for 'free', as far as an application  
developer is concerned.

Whether libtiff should use such a facility directly? Well, the debate  
is open, I guess.

>
> BTW, since infinite portability is far too costly for the value it
> provides, you do draw a line somewhere. Crummy platforms
> are likely to be writing files only, not reading them. (embedded
> OSes in cameras, scanners, etc.) At most they need to read
> their own files, which will of course be well-formed.
>
> Going without the memory protection is really really bad.

I don't, and haven't since Mac OS 9. And my Linux and Solaris systems  
don't do without it either.

> I can't possibly emphasize this enough. There is no reason
> to believe you are some super programmer who never
> makes a bug.

I do not believe any such thing. When did you stop beating your wife?

--T


AWARE [SYSTEMS]		Imaging expertise for the Delphi developer
		TIFF and LibTiff Mailing List Archive
	LibTiff Mailing List TIFF and LibTiff Mailing List Archive April 2009 Previous Thread Next Thread Previous by Thread Next by Thread Previous by Date Next by Date Contact The TIFF Mailing List Homepage This list is run by Frank Warmerdam Archive maintained by AWare Systems	Thread 2009.04.26 17:22 "Packbits worst case encoded length", by Simon Berger 2009.04.29 14:28 "Re: Packbits worst case encoded length", by Toby Thain 2009.04.29 18:07 "Re: Packbits worst case encoded length", by Simon Berger 2009.04.29 19:17 "Re: Packbits worst case encoded length", by Toby Thain 2009.04.29 19:43 "Re: Packbits worst case encoded length", by Simon Berger 2009.04.30 07:41 "Re: Packbits worst case encoded length", by Albert Cahalan 2009.04.30 13:58 "Re: Packbits worst case encoded length", by Toby Thain 2009.04.30 19:12 "Re: Packbits worst case encoded length", by Albert Cahalan 2009.04.30 19:25 "Re: Packbits worst case encoded length", by Toby Thain 2009.04.30 19:31 "Re: Packbits worst case encoded length", by Albert Cahalan 2009.04.30 22:30 "Re: Packbits worst case encoded length", by Toby Thain 2009.05.01 06:34 "Re: Packbits worst case encoded length", by Albert Cahalan 2009.05.01 14:21 "Re: Packbits worst case encoded length", by Toby Thain 2009.05.05 16:39 "Re: Packbits worst case encoded length", by Bob Friesenhahn 2009.05.05 18:09 "Re: Packbits worst case encoded length", by Albert Cahalan 2009.05.05 18:32 "Re: Packbits worst case encoded length", by Bob Friesenhahn 2009.05.05 19:13 "Re: Packbits worst case encoded length", by Albert Cahalan 2009.05.05 22:57 "Re: Packbits worst case encoded length", by Graeme Gill 2009.05.05 18:42 "Guard pages - was Re: Packbits worst case encoded length", by Toby Thain 2009.04.30 19:25 "Re: Packbits worst case encoded length", by Simon Berger 2009.04.30 19:25 "Re: Packbits worst case encoded length", by Toby Thain On 30-Apr-09, at 3:12 PM, Albert Cahalan wrote: > On Thu, Apr 30, 2009 at 9:58 AM, Toby Thain > <toby@telegraphics.com.au> wrote: > >> There must be a lot of code out there that assumes good input. And >> if you're >> writing a quick hack, not a general purpose library, you might >> choose to do > > Sure. This being the tiff mailing list, it's reasonable to assume > that this code is going into something, possibly libtiff itself, > that needs to deal with files from random sources. > >> (Relying on memory protection to save you is not a portable >> strategy, so >> again unsuitable for a general purpose library.) > > You may imagine that you are so much more capable than > the people at Microsoft, Adobe, Apple... and so you NEVER > make a mistake that could result in a buffer overflow... Of course not. > > At the very least, you can have an #ifdef to enable memory > protection on platforms that can support it. Windows and > all the typical UNIX-like systems offer this. They offer it for processes for 'free', as far as an application developer is concerned. Whether libtiff should use such a facility directly? Well, the debate is open, I guess. > > BTW, since infinite portability is far too costly for the value it > provides, you do draw a line somewhere. Crummy platforms > are likely to be writing files only, not reading them. (embedded > OSes in cameras, scanners, etc.) At most they need to read > their own files, which will of course be well-formed. > > Going without the memory protection is really really bad. I don't, and haven't since Mac OS 9. And my Linux and Solaris systems don't do without it either. > I can't possibly emphasize this enough. There is no reason > to believe you are some super programmer who never > makes a bug. I do not believe any such thing. When did you stop beating your wife? --T

LibTiff Mailing List

Thread

2009.04.30 19:25 "Re: Packbits worst case encoded length", by Toby Thain