[Zlib-devel] zlib 1.2.3.1 released for testing
Greg Roelofs
newt at pobox.com
Sun Sep 17 12:51:12 EDT 2006
> On Sep 16, 2006, at 6:50 AM, Glenn Randers-Pehrson wrote:
> > I realize that it is a lot of magnanimity to ask, to accept invalid
> > datastreams, and I won't ask you to do it if it opens a vulnerability.
> > But all the same, uneducated users only see it as a bug in zlib or
> > firefox.
There's no particularly good reason why Firefox couldn't use zlib 1.1.x,
right?
> Though this deeply offends me to my mathematical core, I will add an
> obscure and undocumented compile-time option to accept and decode
> these invalid deflate streams (using zeros for the too-far-back
> references).
And I will duly fail to use it in pngcheck, at least. (Btw, Miano
fixed ImageLib a couple years ago; the problem is that no one who
implemented something with it before has bothered to upgrade.)
Greg
More information about the Zlib-devel
mailing list