Re: Preview: portable dumper

[Richard Stallman]

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

We seem to be talking at cross purposes.  You raised the issue of
parsing network packets:

  > >   > Here's the scenario: suppose I can convince your Emacs to parse a
  > >   > carefully crafted network packet that triggers a bug in Emacs and lets
  > >   > me overwrite arbitrary memory in your Emacs process. Today, I win, in
  > >   > the sense that I gain complete control over your Emacs process and can
  > >   > do anything Emacs can do.

so I responded about Emacs's very simple parsing of network packets

  > > That reasoning is logically valid -- but is it really a plausible
  > > scenario that Emacs's parsing of a packet would have a bug that
  > > clobbers other unrelated memory?

but now you've changed the subject to libpng.

  > Bitter experience with other software has shown the answer to be "yes". 
  > The bug doesn't even have to be in Emacs --- it can be in a library we 
  > use. For example, we link against libpng when available, 

You might be right about libpng, but if so, that has nothing
particularly to do with parsing network packets in Emacs.
There are various ways the PNG file could get into your Emacs.

Regarding png files and security, there are many ways to view a png
file in various different programs.  It is useful to defend Emacs
better against such bugs, but maybe the better defense is a validator
library, separate from libpng, to carefully validate the format of a
PNG file and detect any inconsistency.  Then programs could call that
validator before showing the PNG file to libpng.

-- 
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.