[nmglug] Re: nmglug Digest, Vol 13, Issue 12

WA7BSZ wa7bsz at yahoo.com
Fri Oct 22 11:19:07 PDT 2004


> Message: 2
> Date: Fri, 22 Oct 2004 08:58:15 -0700 (PDT)
> From: WA7BSZ <wa7bsz at yahoo.com>
> Subject: [nmglug] Browsers vs Malformed Input Generator
> To: nmglug at nmglug.org
> Message-ID: <20041022155815.40752.qmail at web41312.mail.yahoo.com>
> Content-Type: text/plain; charset=us-ascii
> 
> Here is a link to an article that talks about something we might not
> like to hear, but which may be true.  It is more difficult to write
> code that truly validates the input.
> 
> http://www.securityfocus.com/archive/1/378632
> 
> I didn't try the code and reproduce the results.  Maybe there is
> nothing to it, but I bet there is, and this could explain some of the
> Mozilla/Firefox crashes we experience but don't worry too much about,
> just being glad to have an open source alternative.
> 
> Kim
> 
> 
Later I found this reply from a software engineer (he says anyway):

http://www.zdnet.co.uk/talkback/?PROCESS=show&ID=20029905&AT=39170849-39020691t-21000010c

Maybe I better just paste it here because that address is a little
long:

"Name: Matthew C. Tedder
Location: Pullman, WA -- U.S.
Occupation: Software Engineer
Comment: Yes. I reviewed the code and tested it on the named browsers
and also on Konqueror and Safari.

They all fail fairly quickly, but--curiously--in very uniform ways. It
appears to me that this isn't a testament of many bugs, but rather all
from one place--a common XML Parser, written in C. Even Konqueror and
Safari based on QT (a C++ Toolkit) is actually the same C code wrapped
in C++. And C code is notorious for buffer overflows, etc.

I just think everyone debugged their own code and trusted the common
library for parsing content like: <tag field=value ...> So one bug
turns up in every browser.

Yes. It looks bad. Very bad. But, it isn't something generalizable
about all open source code. It's an isolated incident.

Matthew"

Better not trust those common libraries or else maybe you get common
crashes.

Kim


		