1 Feb
2024
1 Feb
'24
10:51 a.m.
On Wed Jan 31 19:04:35 2024 +0000, Zebediah Figura wrote:
We don't do bounds checking elsewhere and we didn't do it in the Wine code that this was semi-copied from. I don't disagree with adding it in general but it didn't seem like enough of a priority. But I can add some if it's going to be a blocker.
I don't think we should allow user-provided data cause undefined behavior on our side. This might be a security bug, and in general it seems to me that we want to avoid that. We might have something slipped in somewhere, but we consider that a mistake.