Re: C file recoginzed as image file

[Chris Moore]

Richard Stallman <address@hidden> writes:

>     I don't want this situation to be possible in Emacs:
>
>     I receive a file foo.c in an email, save it to disk and open it in
>     Emacs, knowing that the .c type is opened in cc-mode which is safe.
>     To my horror, the file actually contains an evil .jpg file which
>     causes a buffer overflow in the jpg library; when it's displayed it
>     infects my machine with a virus.
>
> Compare that with this scenario:
>
>     You receive a file foo.jpg in an email, you save it to disk
>     and open it in Emacs, figuring that a jpg file ought to be safe.
>     To your horror, the file actually contains an evil .jpg file which
>     causes a buffer overflow in the jpg library; when it's displayed it
>     infects your machine with a virus.
>
> Assuming there is such a bug in the jpg library, the latter scenario
> seems much more likely than the former.

That's a big assumption to make.  There have been many exploitable
bugs in image libraries in recent years.  Because of this, I wouldn't
figure that a jpg file is safe to open, whereas I would figure that a
C source file is safe to open.

> Besides which, a jpg file starts with characters that don't make any
> sense at the start of a C file.  So if it looks like a plausible C
> file, it won't be treated as a jpeg.

If it looks like a plausible C file to who?  In the case I described
all I've seen so far is the file's name so as far as I know it is a C
source file.  I try to examine the contents using Emacs, and it is
displayed as an image.