[Png-mng-security] potentially serious memory handling error in libpng

Tom Lane tgl at sss.pgh.pa.us
Thu Feb 5 18:14:01 UTC 2009


Greg Roelofs <newt at pobox.com> writes:
> I don't have the spec, but the K&R wording is that the literal integer 0
> is equivalent to a NULL pointer only via cast, assignment, or comparison.

Right.  In theory a compiler could use a not-all-zeroes bit pattern to
represent a NULL pointer, if it were willing to do appropriate pushups
when casting between pointers and integers.  In practice, no one does,
and no one ever will because almost no extant C code would run on their
machine if they did.  The spec-required casting behavior would negate
any possible win from using such a representation anyway, I'd think.

I concur that writing an ifdef for this is beyond silly.  Just memset
it and be done.

			regards, tom lane
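
An added illustration of the "just memset it" approach discussed above; it is not part of the original message and is not libpng code. A pointer table is zeroed with memset immediately after allocation, so the cleanup path can free every slot even when allocation fails partway through. The names alloc_rows, free_rows, last_freed and the fail_at parameter (which simulates an allocation failure) are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

size_t last_freed; /* buffers released by the most recent free_rows() call */

/* Returns 1 if memset-zeroed pointers compare equal to NULL on this platform. */
int zeroed_pointers_are_null(void)
{
    void *slots[8];
    size_t i;
    memset(slots, 0, sizeof slots);
    for (i = 0; i < 8; i++)
        if (slots[i] != NULL) return 0;
    return 1;
}

/* Free every slot, allocated or not; free(NULL) is a no-op. */
size_t free_rows(unsigned char **tab, size_t rows)
{
    size_t i;
    last_freed = 0;
    for (i = 0; i < rows; i++) {
        if (tab[i] != NULL) last_freed++;
        free(tab[i]);
    }
    free(tab);
    return last_freed;
}

/* Hypothetical allocator; fail_at simulates malloc failing at that row (-1: never). */
unsigned char **alloc_rows(size_t rows, size_t rowbytes, long fail_at)
{
    unsigned char **tab;
    size_t i;
    if (rows == 0 || rows > SIZE_MAX / sizeof *tab) return NULL;
    tab = malloc(rows * sizeof *tab);
    if (tab == NULL) return NULL;
    memset(tab, 0, rows * sizeof *tab); /* no slot is left indeterminate */
    for (i = 0; i < rows; i++) {
        tab[i] = ((long)i == fail_at) ? NULL : malloc(rowbytes);
        if (tab[i] == NULL) { free_rows(tab, rows); return NULL; }
    }
    return tab;
}

int main(void)
{
    return (zeroed_pointers_are_null() && alloc_rows(4, 16, 2) == NULL) ? 0 : 1;
}
```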


