[vtk-developers] Strange problem with vtkPLYReader

Sean McBride sean at rogue-research.com
Thu Aug 10 13:59:42 EDT 2017


On Thu, 10 Aug 2017 13:38:28 -0400, Will Schroeder said:

>>In which case one may reasonably argue that the PLYReader is indeed broken,
>>for failing to reject invalid files.
>
>You are opening a can of worms here. I would humbly suggest that in most
>all file formats in VTK if the data is invalid then bad things will happen.

Yup, which is a huge weakness of VTK, IMNSHO.

>If you want to make a sanity check as part of the read process then do it
>as an optional step because fully vetting data can take forever.

Vetting the data does take time, yes.  Sometimes the code can be factored such that the validation happens at one level, and some lower level function can assume it's valid.

But the alternative is crashing upon invalid data.  That's bad, especially when dealing with data from untrusted sources like files or the network.  This is how we're in a world where opening maliciously crafted jpeg/pdf/font/etc files can be used to run arbitrary code and do all kinds of nastiness.

If I had infinite time, fuzzing the VTK readers would be a fun project...

Sean
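The factoring described in the message above (validate once at one level, let lower-level functions assume validity) can be sketched as follows. This is an added example, not part of the original thread and not VTK code; `RawMesh`, `ValidatedMesh` and their members are hypothetical names, and the checks shown (face size and vertex index range) are an assumed minimum for PLY-style index lists.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <utility>
#include <vector>

// Parsed but untrusted data: PLY-style faces are lists of indices that refer
// to vertices by position, so any index may be out of range.
struct RawMesh {
    std::vector<std::array<float, 3>> vertices;
    std::vector<std::vector<std::int64_t>> faces;
};

// Hypothetical wrapper: only validate() can build one, so holding a
// ValidatedMesh proves the checks below have already passed.
class ValidatedMesh {
public:
    static std::unique_ptr<ValidatedMesh> validate(RawMesh raw) {
        const auto n = static_cast<std::int64_t>(raw.vertices.size());
        for (const auto& face : raw.faces) {
            if (face.size() < 3) return nullptr;            // degenerate face
            for (std::int64_t idx : face)
                if (idx < 0 || idx >= n) return nullptr;    // dangling index
        }
        return std::unique_ptr<ValidatedMesh>(new ValidatedMesh(std::move(raw)));
    }
    std::size_t faceCount() const { return raw_.faces.size(); }
    // Lower-level routine: no per-index bounds checks and no divide-by-zero
    // guard, because validate() ruled both out. Caller passes f < faceCount().
    std::array<float, 3> faceCentroid(std::size_t f) const {
        std::array<float, 3> c{{0.f, 0.f, 0.f}};
        const auto& face = raw_.faces[f];
        for (std::int64_t idx : face)
            for (int k = 0; k < 3; ++k) c[k] += raw_.vertices[static_cast<std::size_t>(idx)][k];
        for (int k = 0; k < 3; ++k) c[k] /= static_cast<float>(face.size());
        return c;
    }
private:
    explicit ValidatedMesh(RawMesh raw) : raw_(std::move(raw)) {}
    RawMesh raw_;
};

int main() {  // constructed sample: one vertex, one face with a dangling index
    RawMesh raw;
    raw.vertices.push_back({0.f, 0.f, 0.f});
    raw.faces.push_back({0, 0, 7});
    std::puts(ValidatedMesh::validate(raw) ? "accepted" : "rejected");
    return 0;
}
```

The validation cost is one linear pass over the index data, paid once at the trust boundary instead of in every routine that touches the mesh.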