Boost logo

Boost :

Subject: Re: [boost] Formal Review of IO and Toolbox extensions to Boost.GIL starts TOMORROW
From: Fabio Fracassi (f.fracassi_at_[hidden])
Date: 2010-12-06 12:30:42

On 6/12/2010 17:19, Christian Henning wrote:

> My corrupted images were merely .txt files. ;-) When reading the
> header libjpeg would issue an error and the io extension will throw an
> exception. Now, we can argue such testing is insufficient and I would
> agree but that's what we have for now. I'm gladly incorporate some
> corrupted image reading into the test suite.
> Christian

Have you looked into how browsers test against malicious attacks?
IIRC they take valid images and change them in a "educatedly random"
fashion. (i.e. all kinds of header corruption)
As images are a common attack vector for malicious attacks I think that
kind of testing is quite important.


Boost list run by bdawes at, gregod at, cpdaniel at, john at