6 Dec
2010
6 Dec
'10
5:30 p.m.
On 6/12/2010 17:19, Christian Henning wrote:
My corrupted images were merely .txt files. ;-) When reading the header libjpeg would issue an error and the io extension will throw an exception. Now, we can argue such testing is insufficient and I would agree but that's what we have for now. I'm gladly incorporate some corrupted image reading into the test suite.
Christian
Have you looked into how browsers test against malicious attacks? IIRC they take valid images and change them in a "educatedly random" fashion. (i.e. all kinds of header corruption) As images are a common attack vector for malicious attacks I think that kind of testing is quite important. Fabio