[Png-mng-security] libpng-1.2.35beta03
glennrp at comcast.net
glennrp at comcast.net
Fri Feb 6 19:05:31 UTC 2009
An improvement would be to create and use either "png_zalloc" (like malloc
but zeros the result) or png_calloc (takes a count like calloc and zeros the
result.) Then all the allocated memory would be guaranteed to be set to
zero.
Not a bad idea, but let's save it for libpng-1.4.0
We have png_zalloc() but I seem to recall there was some frowning
upon it a while back. I don't remember why. Maybe it was simply
because we were zeroing some arrays that are perfectly safe uninitialized.
Glenn
More information about the png-mng-security-archive
mailing list