Building end-to-end security for Messenger

154 points by contact9879 7 hours ago | 243 comments

neilv 8 hours ago

> Image parsers in UEFIs from all three major IBVs are riddled with roughly a dozen critical vulnerabilities that have gone unnoticed until now.

If your code has a dozen vulnerabilities, it has more than that.

Also, every time I see a 2D image library, I assume it almost certainly has vulnerabilities. There's something magical about the task of coding 2D image libraries, such that it really calls out how bad we are at writing correct code (especially in C).

yjftsjthsd-h 8 hours ago

This is one of the reasons I'm a big fan of wuffs[0] - it specifically targets dealing with formats like pictures, safely, and the result drops in to a C codebase to make the compat/migration story easy.

[0] https://github.com/google/wuffs

pgeorgi 8 hours ago

8 hours ago

Oh, very nice:) Great to see that!
