<div dir="ltr"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span style="font-size:12.8px">Yup, which is a huge weakness of VTK, IMNSHO.</span></blockquote><div><br></div><div>Actually this is true of almost every scientific computing program that I have ever used, not just VTK.</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span style="font-size:12.8px">But the alternative is crashing upon invalid data.</span></blockquote><div><br></div><div>Another alternative is to assume that users are intelligent and know what they are doing and can figure out problems (very naive I know) :-) Vetting data is simple in concept but way worse than we think because if you carry it to extreme you've got to do things like check whether polygons are flat/non-self intersecting, cells are not turned inside out, data values are valid and indeed within the range specified, data time series are mutually consistent, etc. Like everything there are tradeoffs between getting stuff done and perfection, whatever the heck that is anyway :-) There are reasonable things to do but all in balance. I am going to continue to advocate that we need to keep thinking about new algorithms and designs (high-level stuff) and avoid getting stuck in the morass of technical perfection. What makes systems successful in the end are impactful capabilities--solving important problems--not the perfection of implementation. So if you've got some cycles to fuzz, I would go in the directions of added capabilities :-)</div><div><br></div><div>Best,<br>W</div><div> </div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Aug 10, 2017 at 1:59 PM, Sean McBride <span dir="ltr"><<a href="mailto:sean@rogue-research.com" target="_blank">sean@rogue-research.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Thu, 10 Aug 2017 13:38:28 -0400, Will Schroeder said:<br>
<br>
>>In which case one may reasonably argue that the PLYReader is indeed broken,<br>
>>for failing to reject invalid files.<br>
><br>
>You are opening a can of worms here. I would humbly suggest that in most<br>
>all file formats in VTK if the data is invalid then bad things will happen.<br>
<br>
</span>Yup, which is a huge weakness of VTK, IMNSHO.<br>
<span class=""><br>
>If you want to make a sanity check as part of the read process then do it<br>
>as an optional step because fully vetting data can take forever.<br>
<br>
</span>Vetting the data does take time, yes. Sometimes the code can be factored such that the validation happens at one level, and some lower level function can assume it's valid.<br>
<br>
But the alternative is crashing upon invalid data. That's bad, especially when dealing with data from untrusted sources like files or the network. This is how we're in a world where opening maliciously crafted jpeg/pdf/font/etc files can be used to run arbitrary code and do all kinds of nastiness.<br>
<br>
If I had infinite time, fuzzing the VTK readers would be a fun project...<br>
<span class="HOEnZb"><font color="#888888"><br>
Sean<br>
<br>
<br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>William J. Schroeder, PhD<br>Kitware, Inc. - Building the World's Technical Computing Software<br>28 Corporate Drive<br>Clifton Park, NY 12065<br><a href="mailto:will.schroeder@kitware.com" target="_blank">will.schroeder@kitware.com</a><br><a href="http://www.kitware.com" target="_blank">http://www.kitware.com</a><br>(518) 881-4902</div></div></div>
</div>