Am 12.05.2026 um 04:37 schrieb Aaron M. Ucko: Hello,
As I recall, my pre-filing investigation found that libpng leaves any trailing portion of the row's final byte unspecified. It would of course be possible to tighten that policy up, but there's normally no need to, even from a reproducibility perspective, because such bits are typically of no interest to consumers anyway.
As far as I understood there are some (random) bytes inserted, which remain invisible to the consumer but are nevertheless there and make the file building not fully reproducible, correct? For the consumers of course there is no need, but there is some kind of need to make file creation deterministic. This could be communicated to the piece of code generating the randomness. If I understand correctly it has to be found out, where that code is located. If you are sure, it is libpng, we should at least clone that bug to evaluation.
H. -- sigfault
OpenPGP_signature.asc
Description: OpenPGP digital signature
