|
2 registered members (TipmyPip, Martin_HH),
2,946
guests, and 2
spiders. |
|
Key:
Admin,
Global Mod,
Mod
|
|
|
Re: Masking error messages
[Re: jcl]
#424469
06/16/13 18:16
06/16/13 18:16
|
Joined: Apr 2007
Posts: 3,751
Canada
WretchedSid
Expert
|
Expert
Joined: Apr 2007
Posts: 3,751
Canada
|
I also am not sure that such code can be found in online libraries, as it's an unusual task. Most libraries just assume that the image is good. Sorry, but in that case you are using shitty libraries. All libraries I've mentioned above do check the image instead of simply trusting third party content. Malicious images have been used as attack vectors for remote code execution and privilege escalation in the past, doing a quick search over the CVEs filed in the past few years yields dozens of results. You might want to argue that it's just a game and no one cares about games, at least that's the attitude of mot game developers (CryTek famously screwed up their Diffie-Hellman handhsake implementation in Crysis), but I personally would prefer to spend a few more CPU cycles checking the image than publishing an attack vector into my users systems. YMMV.
Shitlord by trade and passion. Graphics programmer at Laminar Research. I write blog posts at feresignum.com
|
|
|
Re: Masking error messages
[Re: WretchedSid]
#424485
06/17/13 07:30
06/17/13 07:30
|
Joined: Jul 2000
Posts: 28,106
Frankfurt
jcl
Chief Engineer
|
Chief Engineer
Joined: Jul 2000
Posts: 28,106
Frankfurt
|
There are no "shitty libraries", whatever that means. Maybe you misunderstood something. It is theoretically possible to transport malicious code in images, but no library will "check the image" for that. An image library is for loading images, not for detecting malicious content.
The only thing an image loader can do is checking the consistency of the image header, and this only to a certain degree. For PC games, the most common image loading library is DirectX, which is also used by Gamestudio. It tends to crash with bad images, so it seems not to do any checks of that kind. If you want to check the image in any way, you need to do that by script before loading it.
|
|
|
Re: Masking error messages
[Re: jcl]
#424505
06/17/13 16:37
06/17/13 16:37
|
Joined: Dec 2008
Posts: 1,218
Germany
Rackscha
Serious User
|
Serious User
Joined: Dec 2008
Posts: 1,218
Germany
|
@jcl does it crash or does it throw exceptions?
MY Website with news of my projects: (for example my current Muliplayer Bomberman, GenesisPrecompiler for LiteC and TileMaster, an easy to use Tile editor) Sparetime-Development
|
|
|
Re: Masking error messages
[Re: jcl]
#424567
06/18/13 18:26
06/18/13 18:26
|
Joined: Dec 2008
Posts: 1,218
Germany
Rackscha
Serious User
|
Serious User
Joined: Dec 2008
Posts: 1,218
Germany
|
Noooot really. An exception is not always caused by a Crash. The core of it(and its handling) is the the rewinding of the stack to a known state including an id/message of what or why it happend.
Last edited by Rackscha; 06/18/13 18:27.
MY Website with news of my projects: (for example my current Muliplayer Bomberman, GenesisPrecompiler for LiteC and TileMaster, an easy to use Tile editor) Sparetime-Development
|
|
|
Re: Masking error messages
[Re: jcl]
#425496
07/06/13 15:01
07/06/13 15:01
|
Joined: Sep 2009
Posts: 1,035
Budapest
Aku_Aku
OP
Serious User
|
OP
Serious User
Joined: Sep 2009
Posts: 1,035
Budapest
|
I have no code for checking if an image is good or bad, and I also am not sure that such code can be found in online libraries, as it's an unusual task. Most libraries just assume that the image is good. So probably you have to code that yourself in a lite-C script.
Basically you need to do a consistency check of the header of any image format that you want to load. Dependent on the compression algorithm, you might also need to check the content. Thanks for your reply, excuse me for the late.
|
|
|
|
