[Png-mng-security] NULL pointer dereferences in pngerror.c
glennrp at comcast.net
glennrp at comcast.net
Mon Nov 13 17:53:07 UTC 2006
There are lots and lots of cases already in libpng where we check the png_ptr
and return without action if it's NULL. There are several dozen instances of
exported functions that don't check the png_ptr. I don't want to switch to a new
philosophy right now but will just add those omitted tests and return without
action when the png_ptr is NULL.
I would like to make an exception to that rule for png_warning and png_error
though. Since we have the user's error message, and the user is probably
desparate, I think we should go ahead and display the message if possible,
using the default warning or error handler, while avoiding the use of
png_ptr. I think previous versions of libpng try to follow this exception, but
not necessarily successfully.
Consider the user who writes
png_warning (null_ptr, "Checkpoint A");
png_warning (null_ptr, "Checkpoint B");
png_warning (null_ptr, "Checkpoint C");
png_warning (null_ptr, "Checkpoint D");
png_warning (null_ptr, "Checkpoint E");
Which is more useful:
Checkpoint C
Checkpoint D
CRASH
or
foo.c: you screwed the pooch
CRASH
or just
CRASH
Glenn
More information about the png-mng-security-archive
mailing list