[Bug 608644] libpng: Memory leak when processing Physical Scale (sCAL) images
bugzilla at redhat.com
Mon Jun 28 16:11:23 UTC 2010
https://bugzilla.redhat.com/show_bug.cgi?id=608644
Glenn Randers-Pehrson <glennrp+bmo at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |glennrp+bmo at gmail.com
--- Comment #3 from Glenn Randers-Pehrson <glennrp+bmo at gmail.com> 2010-06-28 12:11:22 EDT ---
A defense for applications that don't need or want the sCAL
chunk is to use the png_set_keep_unknown_chunks() mechanism to ignore
it. See Mozilla's libpr0n/decoders/png or ImageMagick and
GraphicsMagick's coders/png.c, and pngcrush for examples of this.
It's a good idea for applications to do this because it
reduces resources consumed in reading a PNG, and it reduces their
attack surface by making the application invulnerable to future
vulnerabilities in known but unused chunks such as sCAL.
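The defense described in comment #3, as an added example that is not part of the bug report or of libpng's own code: it builds the 5-bytes-per-entry chunk list that png_set_keep_unknown_chunks() takes and, when compiled against libpng, applies it so the listed chunks are skipped instead of parsed. The chunk names other than sCAL, the helper names build_chunk_list and ignore_unused_chunks, and the WITH_LIBPNG build macro are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
#ifdef WITH_LIBPNG              /* assumed build: cc -DWITH_LIBPNG file.c -lpng */
#include <png.h>
#endif

/* Assumption: ancillary chunks a hypothetical application never reads. */
const char *const unused_names[] = { "sCAL", "pCAL", "hIST", "sPLT", "tIME" };
#define N_UNUSED (sizeof unused_names / sizeof unused_names[0])

/* Pack names into out[] as consecutive 5-byte entries (4 letters + NUL).
 * Returns the entry count, or -1 if out[] is too small or a name is not
 * a well-formed ancillary chunk type. */
int build_chunk_list(const char *const *names, size_t n,
                     unsigned char *out, size_t out_len)
{
    if (out_len < n * 5) return -1;
    for (size_t i = 0; i < n; i++) {
        const char *s = names[i];
        if (strlen(s) != 4) return -1;
        for (int j = 0; j < 4; j++)
            if (!((s[j] >= 'A' && s[j] <= 'Z') || (s[j] >= 'a' && s[j] <= 'z')))
                return -1;
        /* Bit 5 of the first byte (lowercase letter) marks a chunk as
         * ancillary; never ask libpng to drop a critical one like IDAT. */
        if (!(s[0] & 0x20)) return -1;
        memcpy(out + i * 5, s, 4);
        out[i * 5 + 4] = '\0';
    }
    return (int)n;
}

#ifdef WITH_LIBPNG
/* Call after png_create_read_struct() and before png_read_info(). */
int ignore_unused_chunks(png_structp png_ptr)
{
    png_byte list[N_UNUSED * 5];
    int n = build_chunk_list(unused_names, N_UNUSED, list, sizeof list);
    if (n < 0) return -1;
#ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED
    /* NEVER: skip these chunks without running their chunk handlers. */
    png_set_keep_unknown_chunks(png_ptr, PNG_HANDLE_CHUNK_NEVER, list, n);
    return 0;
#else
    (void)png_ptr; return -1;   /* this libpng build cannot demote known chunks */
#endif
}
#endif

int main(void) { unsigned char b[N_UNUSED * 5];
    return build_chunk_list(unused_names, N_UNUSED, b, sizeof b) < 0; }
```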