2009.04.26 17:22 "[Tiff] Packbits worst case encoded length", by Simon Berger

2009.05.01 14:21 "Re: [Tiff] Packbits worst case encoded length", by Toby Thain

On 1-May-09, at 2:34 AM, Albert Cahalan wrote:

On Thu, Apr 30, 2009 at 6:30 PM, Toby Thain <toby@telegraphics.com.au> wrote:

My approach to finding bugs in a file format parser is to test. And test more. Fuzz testing with random input I find is revealing. Memory protection hacks, while a nice extra safety net, and definitely valuable in an operating system, are not a substitute for that.

That's an excellent idea, but you might not catch everything.

Nor will guard pages.

Is every file-reading library on the system supposed to re-implement this technique??