Yeep. That is not entirely unsurprising (it’s such a common flaw in basic section/chunk formats that they obviously didn’t research about even the possibility of security flaws, or consider there to be any threat model at all — it was designed to be used internally in games for game assets, perhaps). Still a little disappointing to see they were indeed that lackadaisical. I don’t expect change, they’re very set in their ways.There is a superior, free, open-source alternative called Inochi2D — https://inochi2d.com/ — developed primarily by Luna the Foxgirl, and used by all of nullptr::live, including Asahi Lina (of Asahi Linux fame). It really should see more love because it’s superior in almost every way.
coolspot|3 years ago