Bug#679826: zsnes: segfaults on start in testing i386
Fabian Greffrath
fabian at greffrath.com
Tue Jul 3 07:27:21 UTC 2012
On 03.07.2012 01:13, Ron wrote:
> Well, no ... _sanitize_matrix() only gets called if format->matrix is
> not NULL. So I don't really see what "more robust" check it could do.
My first idea was to check if strlen(format->matrix) is within
reasonable boundaries, before using it to allocate memory.
> If the caller sets format->matrix to point to an invalid memory location
> there isn't really anything more that libao can do to validate that.
> They could set it to &main with more or less equivalent results to leaving
> it uninitialised, so only the caller is in a position to validate that is
> sanely set before they pass it to libao.
Generally, I agree that it's the application's fault to pass a
pointer-to-garbage to libao. But that's the critical point: If you are
not in control of the data, you shouldn't use it unseen to allocate
memory.
- Fabian
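An added example, not part of this thread or of libao's code, showing the kind of length-bounded check discussed above: the caller-supplied matrix string is measured against a fixed ceiling and filtered for an expected alphabet before any memory is allocated for it. The `MATRIX_MAX_LEN` limit, the `sanitize_matrix_copy` name and the assumed alphabet (letters, digits and commas, as in a channel list like "L,R,C,LFE") are assumptions for this example. As Ron notes, no such check can tell whether the pointer itself refers to valid memory; what it does prevent is an unbounded `strlen()` on a missing terminator driving the size of an allocation.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed ceiling for a channel-matrix string; an example constant,
   not a libao value. */
#define MATRIX_MAX_LEN 256

/* Bounded length scan: stops after `max` bytes instead of running on
   until a NUL happens to appear, so a missing terminator cannot turn
   into an enormous length. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Validate a caller-supplied matrix string and return a freshly
   allocated copy, or NULL if it is missing, empty, over-long, or
   contains characters outside the assumed alphabet. The caller owns
   and frees the returned buffer. */
char *sanitize_matrix_copy(const char *matrix)
{
    if (matrix == NULL)
        return NULL;

    /* Scan at most MATRIX_MAX_LEN + 1 bytes: if no NUL is found within
       the limit the string is rejected rather than measured further. */
    size_t len = bounded_len(matrix, MATRIX_MAX_LEN + 1);
    if (len == 0 || len > MATRIX_MAX_LEN)
        return NULL;

    /* Only letters, digits and commas are expected (assumed format,
       e.g. "L,R,C,LFE"). Anything else is rejected before allocation. */
    for (size_t i = 0; i < len; i++) {
        char c = matrix[i];
        int ok = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                 (c >= '0' && c <= '9') || c == ',';
        if (!ok)
            return NULL;
    }

    /* Allocation size is now derived from a validated, bounded length. */
    char *copy = malloc(len + 1);
    if (copy == NULL)
        return NULL;
    memcpy(copy, matrix, len);
    copy[len] = '\0';
    return copy;
}

int main(void)
{
    /* Constructed sample inputs for demonstration. */
    const char *inputs[] = { "L,R,C,LFE", "L;R", "" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        char *copy = sanitize_matrix_copy(inputs[i]);
        printf("\"%s\" -> %s\n", inputs[i], copy ? copy : "rejected");
        free(copy);
    }
    return 0;
}
```

The check is deliberately placed before `malloc()`: the length is computed with a hard upper bound, the content is filtered, and only then is the (now known-small) allocation made.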