[Png-mng-security] potentially serious memory handling error in libpng

Tavis Ormandy taviso at sdf.lonestar.org
Thu Feb 5 15:25:47 UTC 2009


On Thu, Feb 05, 2009 at 10:20:42AM -0500, Tom Lane wrote:
> glennrp at comcast.net writes:
> > In the other hand, we have been getting away with using memset 
> > to initialize pointers to zero all along.
> 
> As has every other piece of C software on the planet.  Don't worry about
> it.  (The memset also seems much less likely to fall victim to any
> hypothetical overaggressive-optimization bugs.)
> 
> 			regards, tom lane

Okay, thanks for the clarification, the unusual logic in
png_default_zalloc() confused me, perhaps it is just redundant paranoid
checking? 

Thanks, Tavis.

-- 
-------------------------------------
taviso at sdf.lonestar.org | finger me for my gpg key.
-------------------------------------------------------



More information about the png-mng-security-archive mailing list