By the way, the lenght should be checked to not exceed 0x7FFF
so a corrupt chunk can be detected early.
--- /n/dump/2021/0627/sys/src/cmd/jpg/readpng.c Thu Jan 24 23:39:55 2013
+++ /sys/src/cmd/jpg/readpng.c Tue Jul 13 11:16:50 2021
@@ -10,8 +10,6 @@
enum
{
- IDATSIZE = 100,
-
On Tue, 13 Jul 2021, hiro wrote:
you seem to propose that if the png tells us to then we should
allocate 2GB per chunk, just bec. the spec allows it
even if the spec doesn't tell us a limit, we might want to have a limit.
No. The system should constrain the allocation. If you have enough
memor
you seem to propose that if the png tells us to then we should
allocate 2GB per chunk, just bec. the spec allows it
even if the spec doesn't tell us a limit, we might want to have a limit.
On 7/13/21, adr via 9fans <9fans@9fans.net> wrote:
> On Tue, 13 Jul 2021, hiro wrote:
>> are you saying this
On Tue, 13 Jul 2021, hiro wrote:
are you saying this is a purely synthetic error, it doesn't happen in
the wild bec. these sizes are normally more sane?
No, no... you got it wrong. You have to follow the specification
of the format, unless you want to have surprises like this one.
The file you
are you saying this is a purely synthetic error, it doesn't happen in
the wild bec. these sizes are normally more sane?
On 7/13/21, adr via 9fans <9fans@9fans.net> wrote:
> On Mon, 12 Jul 2021, adr via 9fans wrote:
> [...]
>> the length of a data chunk must be less than 2^31 - 1
> [...]
>> can't b