> > A valid concern. However, this will definitely not happen – how will > you specify four or even more C function pointers within an > environment variable? [...] >
I am not sure if what I am going to say is correct or not. Please correct me if I get this wrong. I think what Behdad means is this: The whole environment variable thing is a string, so a sequence of bytes. If I set FREETYPE_PROPERTIES to `ot-svg:svg_hooks=asdjkfsjlfdk', In `ft_svg_property_set', `value' will have the address of letter `a' and thus, when the types are cast to hooks, weird address will be set and when the `ot-svg' module calls my hooks, things will crash. I am no expert in security, but I think this could be a security concern too?
_______________________________________________ Freetype-devel mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/freetype-devel
