SQLite Forum

Verifying schema for application file format
And one question that comes up is what the threat model is in which such a vulnerability is an issue. So they provide your program with a bogus file and you corrupt it; is that really a problem?

Now, if you merge that data with some other dataset, maybe you have more of an issue, but is that really worse than just merging untrusted data?

Now, if the bad file can actually crash a system that is also at the same time processing good data, then that might be more of an issue.

If the concern is the user wasting time with a bad file, how apt are users to get such a file? Maybe the simple test is to check the schema and warn them if it doesn't match a known schema that the application should have been able to generate.
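The schema check suggested in the post above, sketched as an added example that is not part of the original post. The `doc` table, the `doc_title` index and the function names are assumptions standing in for whatever the application really creates; the file is opened read-only and anything not in the known schema (extra tables, views, triggers) is reported as a warning.

```python
import pathlib
import re
import sqlite3

# Hypothetical schema: the exact statements this application would issue
# when it creates a new file (assumed names, not from the thread).
EXPECTED_SCHEMA = (
    "CREATE TABLE doc(id INTEGER PRIMARY KEY, title TEXT NOT NULL)",
    "CREATE INDEX doc_title ON doc(title)",
)

def _norm(sql):
    # Collapse whitespace so only formatting differences are ignored.
    return re.sub(r"\s+", " ", sql).strip()

def schema_mismatches(conn, expected=EXPECTED_SCHEMA):
    """Compare the file's schema with the expected one; [] means match."""
    want = {_norm(s) for s in expected}
    seen, problems = set(), []
    for typ, name, sql in conn.execute(
            "SELECT type, name, sql FROM sqlite_master"):
        if sql is None or (name or "").startswith("sqlite_"):
            continue  # internal objects such as automatic indexes
        if _norm(sql) in want:
            seen.add(_norm(sql))
        else:
            # Extra tables, views and triggers all land here.
            problems.append(f"unexpected {typ} {name!r}")
    problems += [f"missing: {s}" for s in sorted(want - seen)]
    return problems

def check_file(path):
    """Open read-only and return a list of warnings for the user."""
    uri = pathlib.Path(path).resolve().as_uri() + "?mode=ro"
    try:
        conn = sqlite3.connect(uri, uri=True)
    except sqlite3.Error as exc:
        return [f"cannot open: {exc}"]
    try:
        return schema_mismatches(conn)
    except sqlite3.DatabaseError as exc:
        # Raised on first read when the file is not a valid database.
        return [f"not a usable SQLite database: {exc}"]
    finally:
        conn.close()
```

An empty list from `check_file` means the file matches a schema the application could have generated; anything else is text for the warning shown to the user.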