2009.04.26 17:22 "[Tiff] Packbits worst case encoded length", by Simon Berger

2009.04.30 19:12 "Re: [Tiff] Packbits worst case encoded length", by Albert Cahalan

On Thu, Apr 30, 2009 at 9:58 AM, Toby Thain <toby@telegraphics.com.au> wrote:

There must be a lot of code out there that assumes good input. And if you're writing a quick hack, not a general purpose library, you might choose to do

Sure. This being the tiff mailing list, it's reasonable to assume that this code is going into something, possibly libtiff itself, that needs to deal with files from random sources.

(Relying on memory protection to save you is not a portable strategy, so again unsuitable for a general purpose library.)

You may imagine that you are so much more capable than the people at Microsoft, Adobe, Apple... and so you NEVER make a mistake that could result in a buffer overflow...

At the very least, you can have an #ifdef to enable memory protection on platforms that can support it. Windows and all the typical UNIX-like systems offer this.

BTW, since infinite portability is far too costly for the value it provides, you do draw a line somewhere. Crummy platforms are likely to be writing files only, not reading them. (embedded OSes in cameras, scanners, etc.) At most they need to read their own files, which will of course be well-formed.

Going without the memory protection is really really bad. I can't possibly emphasize this enough. There is no reason to believe you are some super programmer who never makes a bug.