On Tue, Apr 22, 2014 at 5:48 PM, Joshua Cranmer 🐧 <pidgeo...@gmail.com> wrote:
> If these encoders/decoders have been around for 10 years without security
> holes being found, I'll doubt there'll be any reported in the next year.

The encoding converters have been around for more than 10 years and
there have been sec-* bugs in them. In fact, sec-* bugs have been
found recently after the code had aged for 10 years.

One reason I want to get rid of multi-byte encodings that we don't
absolutely need is that multi-byte decoders written with C-style
pointer arithmetic and gotos are prone to bugs. The idea of
Thunderbird adopting the least scrutinized multi-byte decoders creeps
me out as a Thunderbird user, but at least the attack surface in
Firefox will get smaller.

if (CHECK_OVERRUN(dest, destEnd, 2))
  goto error1;

At least there are overrun checks.

As for the landing schedule relative to ESR, it looks like natural
inertia might push the landings past the ESR branch point. (Speaking
of ESR, I sure hope Thunderbird gets rid of VISCII and ARMSCII in the
ESR message compose menu even if it means landing something on
Aurora/Beta.)

-- 
Henri Sivonen
hsivo...@hsivonen.fi
https://hsivonen.fi/
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
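
An added illustration, not part of the original message and not Mozilla's code: a decoder for a constructed toy double-byte encoding, showing the two bounds checks such a decoder needs, one before each output store and one before reading a trail byte. WOULD_OVERRUN, decode_dbcs, the byte ranges and the code point mapping are hypothetical; the message does not show how CHECK_OVERRUN is defined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy double-byte encoding (not a real charset):
 * 0x00-0x7F is one byte; lead 0x81-0xFE + trail 0x40-0xFE is one pair. */
typedef enum { DEC_OK, DEC_INPUT_TRUNCATED, DEC_OUTPUT_FULL } dec_status;

/* Hypothetical helper: true when fewer than `need` items remain before `end`. */
#define WOULD_OVERRUN(p, end, need) ((size_t)((end) - (p)) < (size_t)(need))

dec_status decode_dbcs(const uint8_t *src, size_t src_len,
                       uint16_t *dest, size_t dest_cap,
                       size_t *consumed, size_t *written)
{
    const uint8_t *s = src, *s_end = src + src_len;
    uint16_t *d = dest, *d_end = dest + dest_cap;
    dec_status st = DEC_OK;
    while (s < s_end) {
        /* Output side: check before every store. */
        if (WOULD_OVERRUN(d, d_end, 1)) { st = DEC_OUTPUT_FULL; break; }
        uint8_t b = *s;
        if (b < 0x80) {
            *d++ = b; s += 1;
        } else if (b >= 0x81 && b <= 0xFE) {
            /* Input side: check before reading the trail byte. */
            if (WOULD_OVERRUN(s, s_end, 2)) { st = DEC_INPUT_TRUNCATED; break; }
            uint8_t t = s[1];
            if (t >= 0x40 && t <= 0xFE) {
                *d++ = (uint16_t)(0x4E00 + (b - 0x81) * 191 + (t - 0x40));
                s += 2;
            } else {
                *d++ = 0xFFFD; s += 1;  /* bad trail: replace the lead only */
            }
        } else {
            *d++ = 0xFFFD; s += 1;      /* 0x80 and 0xFF are never valid */
        }
    }
    *consumed = (size_t)(s - src);
    *written = (size_t)(d - dest);
    return st;
}

int main(void) {
    const uint8_t in[] = { 0x41, 0x81, 0x40, 0x81 }; /* constructed; ends mid-pair */
    uint16_t out[4]; size_t c, w;
    dec_status st = decode_dbcs(in, sizeof in, out, 4, &c, &w);
    printf("status=%d consumed=%zu written=%zu\n", (int)st, c, w);
    return 0;
}
```

The caller resumes from `consumed` once more input or output space is available, so a lead byte left at the end of one buffer is not lost.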
