[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: C file recoginzed as image file

From: Richard Stallman
Subject: Re: C file recoginzed as image file
Date: Sat, 06 Jan 2007 22:47:10 -0500

    That's a big assumption to make.  There have been many exploitable
    bugs in image libraries in recent years.  Because of this, I wouldn't
    figure that a jpg file is safe to open, whereas I would figure that a
    C source file is safe to open.

It would never have occurred to me to have doubts about opening a JPG
file.  I am sure the same is true of many Emacs users.  If we believe
that having Emacs display JPG files as images is dangerous, we had
better make sure Emacs NEVER does so by default.

For the long term, we could also make Emacs thoroughly validate the
data of any JPG before calling the library to display it.  That is too
much change for right now, but we could do it after the release.

    > Besides which, a jpg file starts with characters that don't make any
    > sense at the start of a C file.  So if it looks like a plausible C
    > file, it won't be treated as a jpeg.

    If it looks like a plausible C file to who?

To anyone who knows C.  The first two characters of a JPG file are
character codes above 128, that would obviously be invalid in C.

      In the case I described
    all I've seen so far is the file's name so as far as I know it is a C
    source file.

How did the data get into a file in the first place?  Did it go
through Emacs?  Did you see the data before you saved it in a file?

I never save data from a message in a file without seeing it, but
perhaps you use a method.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]