[Png-mng-security] NULL pointer dereferences in pngerror.c
John Bowler
jbowler at acm.org
Sat Nov 11 16:26:02 UTC 2006
IMO these things should just return if 'png_ptr' is NULL. It's simple and fast. If png_ptr is NULL someone (outside libpng) has
done something really bad. It doesn't seem reasonable to put in a whole load of debugging for such badly broken cases because it
unnecessarily burdens the vast majority of applications.
How about:
if (png_ptr == NULL) return;
throughout. Alternatively, how about:
if (png_ptr == NULL) abort();
inside png_error.c cases.
John Bowler <jbowler at acm.org>
More information about the png-mng-security-archive
mailing list