[Png-mng-security] potentially serious memory handling error in libpng
Tavis Ormandy
taviso at sdf.lonestar.org
Thu Feb 5 15:25:47 UTC 2009
On Thu, Feb 05, 2009 at 10:20:42AM -0500, Tom Lane wrote:
> glennrp at comcast.net writes:
> > In the other hand, we have been getting away with using memset
> > to initialize pointers to zero all along.
>
> As has every other piece of C software on the planet. Don't worry about
> it. (The memset also seems much less likely to fall victim to any
> hypothetical overaggressive-optimization bugs.)
>
> regards, tom lane
Okay, thanks for the clarification, the unusual logic in
png_default_zalloc() confused me, perhaps it is just redundant paranoid
checking?
Thanks, Tavis.
--
-------------------------------------
taviso at sdf.lonestar.org | finger me for my gpg key.
-------------------------------------------------------
More information about the png-mng-security-archive
mailing list