[Png-mng-security] potentially serious memory handling error in libpng

John Bowler jbowler at acm.org
Thu Feb 5 16:37:58 UTC 2009


From: glennrp at comcast.net
>On the other hand, we have been getting away with using memset
>to initialize pointers to zero all along.  When we create the png_struct
>we memset it to zero, and later on we check for read_fn == NULL, etc.
>
>So in the case that memset is not safe for this purpose we have a few
>other bugs to fix.

An architecture where the NULL pointer is not the bit pattern 0 will fail immediately, so we can be reasonably sure no such architecture is running an unmodified libpng.

Memset is *much* safer for this purpose.  It's the best way to ensure that every field in the structure is initialized.  It's much more of a security risk to rely on the code explicitly initializing every field.

John Bowler <jbowler at acm.org>
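The two points made above (that a platform where NULL is not the all-zero bit pattern would break immediately, and that zeroing the whole structure is safer than initializing fields one at a time) can be shown in a few lines. The following is an added example, not code from libpng or from either poster; `struct png_like`, its `read_fn` callback type and the init functions are hypothetical stand-ins for libpng's `png_struct`. The C standard only promises that the integer constant `0` converts to a null pointer, not that a null pointer is stored as all-zero bytes, so the first function is the runtime check that the memset approach relies on. The second pair of functions contrasts a field-by-field initializer that has fallen behind the struct definition with a memset-based one, by pre-filling the memory with garbage and looking for bytes that survive.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for libpng's png_struct (NOT the real
 * definition): a few pointers, including the read_fn callback the
 * thread mentions, plus a buffer. */
typedef void (*read_fn_t)(void *io_ptr, unsigned char *buf, size_t len);

struct png_like {
    read_fn_t read_fn;
    void *io_ptr;
    void *error_ptr;
    unsigned int flags;
    unsigned char zbuf[16];
};

/* Runtime check for the assumption behind memset(..., 0, ...):
 * an all-zero-bytes object pointer and function pointer both
 * compare equal to NULL. Returns 1 if so, 0 otherwise. */
int null_is_all_bits_zero(void)
{
    void *p;
    read_fn_t f;
    memset(&p, 0, sizeof p);
    memset(&f, 0, sizeof f);
    return p == NULL && f == NULL;
}

/* memset-style initialization: every byte, including padding and any
 * field added to the struct later, is zeroed without further edits. */
void png_like_init_memset(struct png_like *s)
{
    memset(s, 0, sizeof *s);
}

/* Field-by-field initialization: correct only as long as it is kept in
 * sync with the struct. It deliberately omits error_ptr and zbuf, the
 * situation that arises when a field is added and this list is not. */
void png_like_init_explicit(struct png_like *s)
{
    s->read_fn = NULL;
    s->io_ptr = NULL;
    s->flags = 0;
    /* error_ptr and zbuf left untouched */
}

/* Byte-wise scan so we never interpret stale bytes as a pointer value. */
static int has_nonzero_byte(const void *p, size_t n)
{
    const unsigned char *b = p;
    for (size_t i = 0; i < n; i++)
        if (b[i] != 0)
            return 1;
    return 0;
}

/* Simulate reused memory (0xAA garbage), run the explicit initializer,
 * and report whether any garbage survived. Returns 1 if it did. */
int stale_bytes_after_explicit_init(void)
{
    struct png_like s;
    memset(&s, 0xAA, sizeof s);
    png_like_init_explicit(&s);
    return has_nonzero_byte(&s, sizeof s);
}

/* Same experiment with the memset initializer. Returns 0 if clean. */
int stale_bytes_after_memset_init(void)
{
    struct png_like s;
    memset(&s, 0xAA, sizeof s);
    png_like_init_memset(&s);
    return has_nonzero_byte(&s, sizeof s);
}

/* The read_fn == NULL check the thread refers to: a freshly zeroed
 * struct has no callback installed, so a read must be refused.
 * Returns 0 on success, -1 if no callback is set. */
int png_like_read(struct png_like *s, unsigned char *buf, size_t len)
{
    if (s->read_fn == NULL)
        return -1;
    s->read_fn(s->io_ptr, buf, len);
    return 0;
}

/* Convenience wrapper: 1 if a zeroed struct correctly rejects reads. */
int read_on_zeroed_struct_is_rejected(void)
{
    struct png_like s;
    unsigned char buf[4];
    png_like_init_memset(&s);
    return png_like_read(&s, buf, sizeof buf) == -1;
}

int main(void)
{
    printf("NULL is all-bits-zero here: %d\n", null_is_all_bits_zero());
    printf("garbage left by explicit init: %d\n", stale_bytes_after_explicit_init());
    printf("garbage left by memset init:   %d\n", stale_bytes_after_memset_init());
    printf("zeroed struct rejects read:    %d\n", read_on_zeroed_struct_is_rejected());
    return 0;
}
```

On every mainstream platform the first check passes, which is the practical basis for the claim that no exotic-NULL architecture is running an unmodified libpng: the `read_fn == NULL` test after `memset` would fail on the very first use. The explicit initializer leaves the 0xAA bytes in `error_ptr` and `zbuf` in place, exactly the class of bug that a single `memset` over `sizeof *s` cannot have.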
