    One place where we can set a limit is in x_create_x_image_and_pixmap,
    where we malloc a pixmap to store the image contents.  The data
    supplied to us by the external library is copied into this pixmap.  We
    could signal an error if width and height are too large.  However,
    this seems like closing the barn door after the horses have left --
    the external library will already have allocated a big chunk of
    memory.

Will it free that memory if Emacs decides to abort the operation?
If so, I think that still counts as a solution.  If not, I think
it is a bug in the library--so we should ask them to fix it.

Meanwhile, if these libraries do not have the feature of limiting the
memory they can use, I think they ought to have it.  That is a
necessary part of defending against invalid data.  A nonsensical image
that swallows all of memory is the equivalent of a denial-of-service
attack.  Good apps defend against that, and good libraries should be
designed to help apps defend against that.

Would you like to write to the developers of these libraries,
asking them nicely to add such a feature?


_______________________________________________
Emacs-devel mailing list
Emacs-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/emacs-devel
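
The kind of limit discussed in this message, as an added example that is not code from Emacs or from any image library: a size check that runs on the declared width and height before anything is allocated, and that also rejects dimensions whose product would overflow. The function names and the 64 MiB cap are assumptions made for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical cap on decoded image data (assumption, not an Emacs setting). */
#define MAX_IMAGE_BYTES ((size_t) 64 * 1024 * 1024)

/* Compute width * height * bytes_per_pixel without overflow.  Returns false
   if a dimension is not positive, the product overflows size_t, or the
   result exceeds max_bytes; otherwise stores the byte count in *nbytes.  */
static bool
image_bytes_within_limit (long width, long height, long bytes_per_pixel,
                          size_t max_bytes, size_t *nbytes)
{
  if (width <= 0 || height <= 0 || bytes_per_pixel <= 0)
    return false;
  size_t w = (size_t) width, h = (size_t) height, b = (size_t) bytes_per_pixel;
  if (w > SIZE_MAX / h)          /* w * h would wrap around */
    return false;
  size_t pixels = w * h;
  if (pixels > SIZE_MAX / b)     /* pixels * b would wrap around */
    return false;
  if (pixels * b > max_bytes)
    return false;
  *nbytes = pixels * b;
  return true;
}

/* Allocate pixel storage only after the size check has passed.  */
static void *
alloc_image_checked (long width, long height, long bytes_per_pixel, size_t *nbytes)
{
  if (!image_bytes_within_limit (width, height, bytes_per_pixel,
                                 MAX_IMAGE_BYTES, nbytes))
    return NULL;
  return malloc (*nbytes);
}

int
main (void)
{
  size_t n = 0;
  void *ok = alloc_image_checked (640, 480, 4, &n);           /* constructed sizes */
  void *huge = alloc_image_checked (1000000, 1000000, 4, &n); /* over the cap */
  void *wrap = alloc_image_checked (LONG_MAX, LONG_MAX, 4, &n); /* would overflow */
  printf ("ok=%s huge=%s wrap=%s\n", ok ? "allocated" : "rejected",
          huge ? "allocated" : "rejected", wrap ? "allocated" : "rejected");
  free (ok);
  return 0;
}
```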
