[Geotiff] Significant vulnerability in libgeotiff
Chris 'Xenon' Hanson
xenon at 3dnature.com
Fri Oct 14 22:33:54 EDT 2005
Frank Warmerdam wrote:
> 3) We could add validation into libgeotiff such that geokeys of the wrong
> type are discarded on reading (or possibly coerced to the correct type).
> Option (3) should benefit any application upgrading to a
> new libgeotiff without any actual code changes to the application,
> though it would potentially be bad just throwing away some geokeys.
> Any thoughts from the community on how this should be approached?
Option 3 seems like the wisest course. For those who are worried about a performance
impact, the safety-checking code could perhaps be compiled out by a #define, which
defaulted to off. In this way, naive users would get the new error checking and people who
(thought) they knew what they were doing would have to deliberately take steps to get the
old behaviour.
--
Chris 'Xenon' Hanson | Xenon @ 3D Nature | http://www.3DNature.com/
"I set the wheels in motion, turn up all the machines, activate the programs,
and run behind the scenes. I set the clouds in motion, turn up light and sound,
activate the window, and watch the world go 'round." -Prime Mover, Rush.
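The approach discussed above (drop wrongly typed geokeys on read, with a compile-time opt-out), sketched as an added example. It is not libgeotiff code and not from either poster. The struct, function names and the GEOKEY_SKIP_TYPE_VALIDATION macro are hypothetical, the key IDs and tag numbers are those of the GeoTIFF specification, and the expected-type table is only a subset.

```c
#include <stddef.h>
#include <stdint.h>

/* Storage type of a GeoKey, taken from the TIFFTagLocation field of its
   directory entry: 0 = inline SHORT, otherwise the tag holding the value. */
enum { LOC_SHORT = 0, LOC_DOUBLE = 34736, LOC_ASCII = 34737 };

typedef struct { uint16_t key_id, location, count, value_offset; } geokey_entry;

/* Expected storage type for a few well-known keys (subset, for illustration). */
static const struct { uint16_t key_id, location; } expected_types[] = {
    { 1024, LOC_SHORT  },  /* GTModelTypeGeoKey */
    { 1025, LOC_SHORT  },  /* GTRasterTypeGeoKey */
    { 1026, LOC_ASCII  },  /* GTCitationGeoKey */
    { 2048, LOC_SHORT  },  /* GeographicTypeGeoKey */
    { 2057, LOC_DOUBLE },  /* GeogSemiMajorAxisGeoKey */
    { 3072, LOC_SHORT  },  /* ProjectedCSTypeGeoKey */
};

/* Returns 1 if the entry's type matches the table. Keys that are not in the
   table are passed through unchanged (assumption: unknown keys are kept). */
static int geokey_type_ok(const geokey_entry *e)
{
    for (size_t i = 0; i < sizeof expected_types / sizeof expected_types[0]; i++)
        if (expected_types[i].key_id == e->key_id)
            return expected_types[i].location == e->location;
    return 1;
}

/* Compacts keys[] in place, dropping wrongly typed entries; returns count kept. */
size_t geokey_filter(geokey_entry *keys, size_t n)
{
#ifdef GEOKEY_SKIP_TYPE_VALIDATION   /* hypothetical opt-out, undefined by default */
    (void)keys;
    return n;
#else
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (geokey_type_ok(&keys[i]))
            keys[kept++] = keys[i];
    return kept;
#endif
}

int main(void)
{
    /* Constructed sample: key 1024 is stored as ASCII instead of SHORT. */
    geokey_entry keys[] = { {1024, LOC_ASCII, 8, 0}, {1025, LOC_SHORT, 1, 1},
                            {2057, LOC_DOUBLE, 1, 0} };
    return geokey_filter(keys, 3) == 2 ? 0 : 1;
}
```

Because the filter runs once when the directory is read, an application that later fetches a key by ID never sees a value stored in a type it did not expect.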