[Png-mng-security] libpng-1.2.35beta03

glennrp at comcast.net glennrp at comcast.net
Fri Feb 6 19:05:31 UTC 2009


An improvement would be to create and use either "png_zalloc" (like malloc
but zeros the result) or png_calloc (takes a count like calloc and zeros the
result.)  Then all the allocated memory would be guaranteed to be set to
zero.

     Not a bad idea, but let's save it for libpng-1.4.0

     We have png_zalloc() but I seem to recall there was some frowning
     upon it a while back.  I don't remember why.  Maybe it was simply
     because we were zeroing some arrays that are perfectly safe uninitialized.

     Glenn



More information about the png-mng-security-archive mailing list