[Png-mng-security] NULL pointer dereferences in pngerror.c

Greg Roelofs newt at pobox.com
Sat Nov 11 22:03:57 UTC 2006


> In this case they have done something bad, but they've called png_warning
> or png_error with a valid message.  I think we might as well show them
> the message.  I don't consider it a "whole load of debugging".

> In the case of png_read_info() I would simply return as you suggest.
> That's what we do in quite a number of cases already.

	assert( !"libpng x.y.z:  foo.c:  you screwed the pooch" );

(or similar) also works...

Greg



More information about the png-mng-security-archive mailing list