LibTiff Mailing List

On 1-May-09, at 2:34 AM, Albert Cahalan wrote:

> On Thu, Apr 30, 2009 at 6:30 PM, Toby Thain  
> <toby@telegraphics.com.au> wrote:
>> ... My approach to finding
>> bugs in a file format parser is to test. And test more. Fuzz  
>> testing with
>> random input I find is revealing. Memory protection hacks, while a  
>> nice
>> extra safety net, and definitely valuable in an operating system,  
>> are not a
>> substitute for that.
>
> That's an excellent idea, but you might not catch everything.

Nor will guard pages.

Is every file-reading library on the system supposed to re-implement  
this technique??

--Toby


AWARE [SYSTEMS]		Imaging expertise for the Delphi developer
		TIFF and LibTiff Mailing List Archive
	LibTiff Mailing List TIFF and LibTiff Mailing List Archive April 2009 Previous Thread Next Thread Previous by Thread Next by Thread Previous by Date Next by Date Contact The TIFF Mailing List Homepage This list is run by Frank Warmerdam Archive maintained by AWare Systems	Thread 2009.04.26 17:22 "Packbits worst case encoded length", by Simon Berger 2009.04.29 14:28 "Re: Packbits worst case encoded length", by Toby Thain 2009.04.29 18:07 "Re: Packbits worst case encoded length", by Simon Berger 2009.04.29 19:17 "Re: Packbits worst case encoded length", by Toby Thain 2009.04.29 19:43 "Re: Packbits worst case encoded length", by Simon Berger 2009.04.30 07:41 "Re: Packbits worst case encoded length", by Albert Cahalan 2009.04.30 13:58 "Re: Packbits worst case encoded length", by Toby Thain 2009.04.30 19:12 "Re: Packbits worst case encoded length", by Albert Cahalan 2009.04.30 19:25 "Re: Packbits worst case encoded length", by Toby Thain 2009.04.30 19:31 "Re: Packbits worst case encoded length", by Albert Cahalan 2009.04.30 22:30 "Re: Packbits worst case encoded length", by Toby Thain 2009.05.01 06:34 "Re: Packbits worst case encoded length", by Albert Cahalan 2009.05.01 14:21 "Re: Packbits worst case encoded length", by Toby Thain 2009.05.05 16:39 "Re: Packbits worst case encoded length", by Bob Friesenhahn 2009.05.05 18:09 "Re: Packbits worst case encoded length", by Albert Cahalan 2009.05.05 18:32 "Re: Packbits worst case encoded length", by Bob Friesenhahn 2009.05.05 19:13 "Re: Packbits worst case encoded length", by Albert Cahalan 2009.05.05 22:57 "Re: Packbits worst case encoded length", by Graeme Gill 2009.05.05 18:42 "Guard pages - was Re: Packbits worst case encoded length", by Toby Thain 2009.04.30 19:25 "Re: Packbits worst case encoded length", by Simon Berger 2009.05.01 14:21 "Re: Packbits worst case encoded length", by Toby Thain On 1-May-09, at 2:34 AM, Albert Cahalan wrote: > On Thu, Apr 30, 2009 at 6:30 PM, Toby Thain > <toby@telegraphics.com.au> wrote: >> ... My approach to finding >> bugs in a file format parser is to test. And test more. Fuzz >> testing with >> random input I find is revealing. Memory protection hacks, while a >> nice >> extra safety net, and definitely valuable in an operating system, >> are not a >> substitute for that. > > That's an excellent idea, but you might not catch everything. Nor will guard pages. Is every file-reading library on the system supposed to re-implement this technique?? --Toby

LibTiff Mailing List

Thread

2009.05.01 14:21 "Re: Packbits worst case encoded length", by Toby Thain