[Png-mng-security] NULL pointer dereferences in pngerror.c

glennrp at comcast.net glennrp at comcast.net
Mon Nov 13 17:53:07 UTC 2006


There are lots and lots of cases already in libpng where we check the png_ptr
and return without action if it's NULL.  There are several dozen instances of
exported functions that don't check the png_ptr.  I don't want to switch to a new
philosophy right now but will just add those omitted tests and return without
action when the png_ptr is NULL.

I would like to make an exception to that rule for png_warning and png_error
though.  Since we have the user's error message, and the user is probably
desperate, I think we should go ahead and display the message if possible,
using the default warning or error handler, while avoiding the use of
png_ptr.  I think previous versions of libpng try to follow this exception, but
not necessarily successfully.

Consider the user who writes
    png_warning (null_ptr, "Checkpoint A");
    png_warning (null_ptr, "Checkpoint B");
    png_warning (null_ptr, "Checkpoint C");
    png_warning (null_ptr, "Checkpoint D");
    png_warning (null_ptr, "Checkpoint E");

Which is more useful:

   Checkpoint C
   Checkpoint D
   CRASH

or
   foo.c: you screwed the pooch
   CRASH

or just
    CRASH

Glenn
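The behaviour argued for above, as an added example that is not libpng's own code: a png_warning-style entry point that never dereferences a NULL context pointer, falls back to a default handler that depends only on the message, and only calls the user-installed handler when both the context and the handler are present. The `ctx_t` struct, `safe_warning`, `default_warning`, `user_handler` and the recording globals are hypothetical stand-ins for the libpng structures, kept minimal so the dispatch decision is the only thing being shown.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for libpng's png_struct: only the fields this example needs. */
typedef void (*warning_fn_t)(void *user_ptr, const char *msg);

typedef struct {
    warning_fn_t warning_fn;  /* user-installed handler; may legitimately be NULL */
    void *error_ptr;          /* opaque pointer handed back to the user handler */
} ctx_t;

/* Record of the last message delivered, so the dispatch can be checked. */
static char last_message[256];

/* Which path delivered the last message: 1 = user handler, 2 = default handler. */
enum { PATH_USER = 1, PATH_DEFAULT = 2 };

/* Default handler: uses nothing but the message itself, so it is safe to
 * call when the context is NULL or only partially initialised. */
static void default_warning(const char *msg)
{
    snprintf(last_message, sizeof last_message, "warning: %s", msg);
    fputs(last_message, stderr);
    fputc('\n', stderr);
}

/* Defensive png_warning-style entry point. Returns the path taken so the
 * behaviour is observable without inspecting stderr. */
int safe_warning(ctx_t *ctx, const char *msg)
{
    if (msg == NULL)
        msg = "(no message)";

    /* The whole point: check the pointer BEFORE touching any of its fields,
     * and still get the message out rather than returning silently. */
    if (ctx == NULL || ctx->warning_fn == NULL) {
        default_warning(msg);
        return PATH_DEFAULT;
    }

    ctx->warning_fn(ctx->error_ptr, msg);
    return PATH_USER;
}

/* A user handler in the style of the post's "foo.c: ..." output. */
static void user_handler(void *user_ptr, const char *msg)
{
    const char *tag = user_ptr ? (const char *)user_ptr : "?";
    snprintf(last_message, sizeof last_message, "%s: %s", tag, msg);
}

/* Constructed contexts for demonstration: one with a handler installed,
 * one allocated but without a handler. */
ctx_t example_ctx = { user_handler, (void *)"foo.c" };
ctx_t no_handler_ctx = { NULL, NULL };

const char *last_warning_message(void) { return last_message; }

int main(void)
{
    safe_warning(&example_ctx, "Checkpoint A");   /* user handler: "foo.c: Checkpoint A" */
    safe_warning(NULL, "Checkpoint B");            /* default handler, no crash */
    safe_warning(&no_handler_ctx, "Checkpoint C"); /* default handler again */
    return 0;
}
```

The check on `ctx->warning_fn` matters as much as the check on `ctx`: a context that was allocated but never had a handler installed would otherwise be an indirect call through NULL, which is the same class of crash the post is trying to avoid.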
