From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00
	autolearn=unavailable autolearn_force=no version=3.4.4
Path: 
 border1.nntp.dca1.giganews.com!buffer1.nntp.dca1.giganews.com!border1.nntp.dca3.giganews.com!backlog3.nntp.dca3.giganews.com!border1.nntp.dca.giganews.com!nntp.giganews.com!usenet.blueworldhosting.com!feeder01.blueworldhosting.com!feeder.erje.net!eu.feeder.erje.net!eternal-september.org!feeder.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Simon Clubley <clubley@remove_me.eisner.decus.org-Earth.UFP>
Newsgroups: comp.lang.ada
Subject: Re: a new language, designed for safety !
Date: Mon, 16 Jun 2014 00:16:12 +0000 (UTC)
Organization: A noiseless patient Spider
Message-ID: <lnld0c$252$2@dont-email.me>
References: <lmj8s6$hhp$1@speranza.aioe.org>
 <1402308235.2520.153.camel@pascal.home.net> <85ioo9yukk.fsf@stephe-leake.org>
 <ln6tlg$1vc$1@dont-email.me>
 <255b51cd-b23f-4413-805a-9fea3c70d8b2@googlegroups.com>
 <J3rmv.287368$Nf2.155042@fx01.iad> <lndulo$2d1$1@dont-email.me>
 <5b446648-8193-46c4-b99c-015d86983758@googlegroups.com>
 <lyppidne4p.fsf@pushface.org> <lnjeof$h63$1@loke.gir.dk>
 <79bae654-d08b-4da6-8dbc-0da5a101ea86@googlegroups.com>
 <lnjksl$9og$1@speranza.aioe.org>
Injection-Date: Mon, 16 Jun 2014 00:16:12 +0000 (UTC)
Injection-Info: mx05.eternal-september.org;
 posting-host="e458ff8b81bc0c159989eb0e36c6e372";
 logging-data="2210"; mail-complaints-to="abuse@eternal-september.org";
 posting-account="U2FsdGVkX19Gs4qcgqUtg2gLd3GrkxxxPkQtcacgSB0="
User-Agent: slrn/0.9.8.1 (VMS/Multinet)
Cancel-Lock: sha1:/21rRHfQOG+MKlw/bzUkTY5JIy0=
X-Original-Bytes: 2551
Xref: number.nntp.dca.giganews.com comp.lang.ada:186948
Date: 2014-06-16T00:16:12+00:00
List-Id: <comp.lang.ada>

On 2014-06-15, Nasser M. Abbasi <nma@12000.org> wrote:
> speaking of safe languages, I just saw this trying to update
> my viedeplan plugin for firefox:
>
> http://www.videolan.org/security/sa1302.html
>
> "Security Advisory 1302
> When parsing a specially crafted ASF movie,
> a buffer overflow might occur.
>
> Impact
> If successful, a malicious third party could
> trigger an invalid memory access"
>
> "This issue is addressed in VLC media player 2.0.x
> source code repository by replacing a macro with a
> static inline and improved bounds checking."
>
> Notice: "improved bounds checking", WOw! So there
> is still a chance the bounds checking might fail?
>

That's what you get when you have to place the bounds checking
within the source code itself. :-)

Another related area for security issues are in specially crafted
images which trigger buffer overflows (and other issues) in image
processing libraries.

Simon.

-- 
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world