> In our thumbnail viewer we do wrap certain Quicktime load
> calls around a try/catch, to catch some crashes that can
> happen loading corrupted movies. The application should be
> considered corrupted when that crash occurs and should exit
> very soon, but with this catch() we can output a meaningful
> message to the user to warn about which file has caused up
> to panic, and tell him to remove it. Or we could flag it as bad
> and never try to load that thumbnail again.
I think such corrupted content should be posted to the ADC bug reporter for
QuickTime, since it shouldn't corrupt the QT runtime and the application
memory. Such corruptions can be exploited for DoS (denial of service) of say
a service that uses QuickTime (can bring down or exploit the whole webserver
if the content handler is set to run in-process at the web server [many
times done so for more speed]) and also for elevation of priviledge etc.
----------------
George Birbilis (email@hidden)
Microsoft MVP J# for 2004-2006
Borland "Spirit of Delphi"
* QuickTime, QTVR, ActiveX, .NET, Delphi VCL, XML, IPC
http://www.kagi.com/birbilis
* Robotics
http://www.mech.upatras.gr/~Roboticshttp://www.mech.upatras.gr/~robgroup
_____
avast! Antivirus <http://www.avast.com> : Outbound message clean.
Virus Database (VPS): 0638-1, 22/09/2006
Tested on: 24/9/2006 9:48:03 p?
avast! - copyright (c) 1988-2006 ALWIL Software.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
QuickTime-API mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/quicktime-api/email@hidden
This email sent to email@hidden
