Rockbox.org home
release
dev builds
extras
themes manual
wiki
device status forums
mailing lists
IRC bugs
patches
dev guide



Rockbox mail archive

Subject: Re: WPS tokenizer

Re: WPS tokenizer

From: Kosta Welke <kosta_at_fillibach.de>
Date: Tue, 20 Mar 2007 13:10:52 +0100

On Mon, 19 Mar 2007 09:18:35 +0100, RaeNye <raenye_at_netvision.net.il> wrote:

> I don't really care whether the intermediate represention is the same as
> the WPS with comments and whitespace stripped, or with text strings
> coalesced in
> the end of the file and pointers attached, or an obscure binary format.
> It's just that you need to parse a simpler format without error checking
> (unlike user-supplied WPS).

If we have some binary output that could be written directly to memory
lying
around on the disk, without error checking, it just screams security hole
directly in my face. Then again, it depends where and when it is created.
And of course, I see no practical application of creating a "malicious"
wps binary to 0wn your ipod. But I just thought someone should mention it.

Kosta
Received on 2007-03-20


Page was last modified "Jan 10 2012" The Rockbox Crew
aaa