>  "Crash confirmed. But this program is not expected to be able to deal
>  with arbitrarily broken input. All I'm going to do about it is add a
>  SIGSEGV handler."

> here we have an upstream maintainer explicitly saying that an
> image-processing program is not suitable for use on arbitrary input

So what about GNU tar where restoring an untrusted tarball, _or_ restoring
a tarball as root when a user who owns any files contained within the
tarballs is logged on, is not supported either?

Or, btrfs-receive with the same problem (but at least you _can_ do it
securely as a user, with an unobvious and still poorly documented way).

Or, binutils that can't be used to analyze untrusted input either?

Sometimes input validation would massively extend the amount of tuits
needed, beyond the author's resources.


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Remember, the S in "IoT" stands for Security, while P stands
⢿⡄⠘⠷⠚⠋⠀ for Privacy.
⠈⠳⣄⠀⠀⠀⠀
