|
Boost : |
Subject: Re: [boost] Formal Review of IO and Toolbox extensions to Boost.GIL starts TOMORROW
From: Fabio Fracassi (f.fracassi_at_[hidden])
Date: 2010-12-06 12:30:42
On 6/12/2010 17:19, Christian Henning wrote:
>
> My corrupted images were merely .txt files. ;-) When reading the
> header libjpeg would issue an error and the io extension will throw an
> exception. Now, we can argue such testing is insufficient and I would
> agree but that's what we have for now. I'm gladly incorporate some
> corrupted image reading into the test suite.
>
> Christian
Have you looked into how browsers test against malicious attacks?
IIRC they take valid images and change them in a "educatedly random"
fashion. (i.e. all kinds of header corruption)
As images are a common attack vector for malicious attacks I think that
kind of testing is quite important.
Fabio
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk