[Zlib-devel] zlib 1.2.3.1 released for testing
Mark Adler
madler at alumni.caltech.edu
Sun Sep 17 12:28:19 EDT 2006
On Sep 16, 2006, at 6:50 AM, Glenn Randers-Pehrson wrote:
> I realize that it is a lot of magnanimity to ask, to accept invalid
> datastreams, and I won't ask you to do it if it opens a vulnerability.
> But all the same, uneducated users only see it as a bug in zlib or
> firefox.
Though this deeply offends me to my mathematical core, I will add an
obscure and undocumented compile-time option to accept and decode
these invalid deflate streams (using zeros for the too-far-back
references). There is certainly a way to implement it and not create
a vulnerability.
mark
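
Added example, not part of the original message and not zlib's code: one way a decoder can resolve an LZ77 match whose distance reaches back before the first output byte, filling zeros for the missing bytes without ever reading outside the output buffer. The names lz_copy_match, lz_demo, the LZ_* codes and the allow_toofar flag are hypothetical, and the input is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { LZ_OK = 0, LZ_ERR_DIST = -1, LZ_ERR_SPACE = -2 };

/* Hypothetical helper (not zlib's code): resolve one LZ77 match of `len`
 * bytes at distance `dist` into out[cap]; *have bytes are already produced. */
int lz_copy_match(unsigned char *out, size_t cap, size_t *have,
                  size_t dist, size_t len, int allow_toofar)
{
    if (*have > cap || len > cap - *have)
        return LZ_ERR_SPACE;              /* never write past out[] */
    if (dist == 0 || (dist > *have && !allow_toofar))
        return LZ_ERR_DIST;               /* strict mode: invalid stream */
    for (size_t i = 0; i < len; i++) {
        size_t pos = *have;
        /* pos - dist would underflow when the reference points before the
         * first output byte: emit zero instead of reading out[] backwards.
         * Byte-by-byte copying keeps overlapping matches (len > dist) valid. */
        out[pos] = (dist > pos) ? 0 : out[pos - dist];
        *have = pos + 1;
    }
    return LZ_OK;
}

/* Constructed sample: two literal bytes "ab", then a match (dist 5, len 6). */
unsigned char demo_buf[8];
size_t demo_have;

int lz_demo(int allow_toofar)
{
    memset(demo_buf, 0xFF, sizeof demo_buf);  /* make written zeros visible */
    demo_buf[0] = 'a';
    demo_buf[1] = 'b';
    demo_have = 2;
    return lz_copy_match(demo_buf, sizeof demo_buf, &demo_have, 5, 6,
                         allow_toofar);
}

int main(void)
{
    int rc = lz_demo(0);
    printf("strict:  rc=%d have=%zu\n", rc, demo_have);
    rc = lz_demo(1);
    printf("lenient: rc=%d have=%zu\n", rc, demo_have);
    return 0;
}
```
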