>>6 Better quality and you're not bound by internet connection
Name:
Anonymous2017-05-25 12:57
>>12 >Quality Anime is limited color pallette, low-contrast content. There isn't much detail there in the first place. >not bound by I don't have a quota like in some third world country and can download anything 24/7
Name:
Anonymous2017-05-25 13:11
>>13 It may be colored line art, but it's still line art and that isn't low contrast.
>>14 >line art This isn't art or some exotic style. Anime is mass produced, factory stamped low-culture media, designed to be easy to draw en masse. You're probably thinking of manga sources, which could be considered line art.
I can't find the vulnerability this attack uses. All that page says is "Beware! text files with subtitles can hack your computer" and links you to some sponsors media players and a video of someone capturing a screen two times.
All the other websites I found just copy the text and link to that page.
You can see OP in the comments there talking shit about C and promoting those badly written programs.
What a fucking low energy beta media player faggot cuck.
I don't have a quota like in some third world country and can download anything 24/7
Then wouldn't that be more of a reason to download it? Downloading it means a bigger file size and better quality.
Name:
Anonymous2017-05-26 16:31
>>21 The code for it is not disclosed, but the vulnerability details are available. Search for CVE-2017-8310, CVE-2017-8311, CVE-2017-8312 and CVE-2017-8313.
CVE-2017-8310 Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.
CVE-2017-8311 Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.
CVE-2017-8312 Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.
CVE-2017-8313 Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.
>>40 Mirror, mirror on the wall, whos the leakiest abstraction of them all? >execute some OS command by writing to stdout Is this linux specific at least?
Name:
Anonymous2017-05-28 10:42
>>41 http://man7.org/linux/man-pages/man4/console_codes.4.html ESC ] 0 ; txt ST Set icon name and window title to txt. ESC ] 1 ; txt ST Set icon name to txt. ESC ] 2 ; txt ST Set window title to txt. ESC ] 4 ; num; txt ST Set ANSI color num to txt. ESC ] 10 ; txt ST Set dynamic text color to txt. ESC ] 4 6 ; name ST Change log file to name (normally disabled by a compile-time option) ESC ] 5 0 ; fn ST Set font to fn.
Name:
Anonymous2017-05-28 11:14
What happens with this? ESC [ 14 ; n ] Set the VESA powerdown interval in minutes.
>>40 Shut the fuck up. This is the sort of bullshit that makes useful utilities like cat turn into ENTERPRISE QUALITY bloatstrosities that are larger and yet less general and useful than their predecessors. There's no need to "validate" any input.
One only has to look at PowersHell and its ridiculous fuckups with assuming character encoding and such to see an example of this retardedness in action.
>>47 Nice try blaming the user instead of the programmer
Name:
Anonymous2017-05-28 17:31
>>47 Yet again Cudder proves, that Russians are oriental niggers.
Name:
Anonymous2017-05-28 19:18
This will only be fixed when people honor innovators instead of cultural appropriators. Why is it that nobody can name a single person who worked on MULTICS but they know all about MULTICS without balls's cultural appropriators?
int main(void) { /* * buf is initialized to an array of 32 zero bytes, and since the * fread call will read in at most 31 bytes into buf, the resulting * string is guaranteed to be nul-terminated. */ char buf[32] = {0}; fread(buf, 1, 31, stdin); printf("You said %s!\n", buf); return(0); }
>>40 That's not an issue with my program, it's an issue with the shell/terminal.
Why is no one commenting on the monstrous use of ``le turing complete enterprise e/g/in web languages'' on something so simple as just colored text on a screen? If you ask me, that's why this happened. There's no need to implement something that complex there.
That's not an issue with my program, it's an issue with the shell/terminal.
Your program relies on a terminal for output, so it is the issue with your shitty code. You should either provide your own output method or sanitize output, so it won't break Unix and Windows terminals.
Redirecting is not the default. In general, stdout is for writing text data only. Files one fopens require explicitly specifying "wb", otherwise written data will be interpreted as text, with various text transformations applied.
On the first aspect, Merkel mentions the use of the C programming language as one risk factor which favored Heartbleed's appearance, echoing Wheeler's analysis
