Thread-topic: Quicktime for Windows throwing exceptions?
> -----Original Message-----
> From: George Birbilis [mailto:email@hidden]
>
> > In our thumbnail viewer we do wrap certain Quicktime load
> > calls around a try/catch, to catch some crashes that can
> > happen loading corrupted movies. The application should be
> > considered corrupted when that crash occurs and should exit
> > very soon, but with this catch() we can output a meaningful
> > message to the user to warn about which file has caused up
> > to panic, and tell him to remove it. Or we could flag it as bad
> > and never try to load that thumbnail again.
>
> I think such corrupted content should be posted to the ADC
> bug reporter for QuickTime, since it shouldn't corrupt the QT runtime and the
> application memory. Such corruptions can be exploited for DoS (denial of
> service) of say a service that uses QuickTime (can bring down or exploit the
> whole webserver if the content handler is set to run in-process at the web
> server [many times done so for more speed]) and also for elevation of
> priviledge etc.
well what's happening there is a crash in a codec (often some Avid or DivX codec) while loading a .mov file. Typically that .mov file is an incomplete, aborted render. Sometime the users has even killed the app while it was rendering. Impatient people, they are. Other times, it could be a file badly generated from OpenQuicktime on linux. So from my point of view, if a crash as occured it is because a memory overwrite (or overread) therefore I can't vouch for integrity of any other data in my process space. Where else did this pointer go? I can't tell. Therefore, of an exception is thrown while loading a quicktime file, the user gets a warning that the app is potentially unstable, and reports which file has caused the problem. Saved me countless support calls - I get none anymore, in fact - about crashing thumbnails in the file browser. The software points the finger! Since these occur at client sites, btw, I would not have access to these files.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
QuickTime-API mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/quicktime-api/email@hidden
This email sent to email@hidden
