On 03.07.2012 01:13, Ron wrote:
Well, no ... _sanitize_matrix() only gets called if format->matrix is not NULL. So I don't really see what "more robust" check it could do.
My first idea was to check if strlen(format->matrix) is within reasonable boundaries, before using it to allocate memory.
If the caller sets format->matrix to point to an invalid memory location there isn't really anything more that libao can do to validate that. They could set it to &main with more or less equivalent results to leaving it uninitialised, so only the caller is in a position to validate that is sanely set before they pass it to libao.
Generally, I agree that it's the application's fault to pass a pointer-to-garbage to libao. But that's the critical point: If you are not in control of the data, you shouldn't use it unseen to allocate memory.
- Fabian
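The bounds check Fabian proposes, written out as an added example (not libao's code; the function names, the 256-byte cap and the accepted character set are assumptions chosen for illustration): the unbounded variant trusts strlen() on a caller-supplied pointer to size an allocation, the bounded variant stops scanning at a fixed cap and rejects anything that is not terminated within it. As Ron notes, neither variant can detect a pointer into unmapped or uninitialised memory; only the caller can rule that out.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap: a channel matrix is a short comma-separated list of channel
 * names, so a string that is not terminated within this many bytes is
 * treated as an invalid argument rather than as a size to allocate. */
#define MATRIX_MAX_LEN 256

/* Unbounded variant (the pattern argued against): strlen() scans until it
 * happens to find a zero byte, and that length drives the allocation. */
char *copy_matrix_unbounded(const char *matrix)
{
    size_t len = strlen(matrix);
    char *copy = malloc(len + 1);
    if (copy == NULL)
        return NULL;
    memcpy(copy, matrix, len + 1);
    return copy;
}

/* Bounded variant: rejects NULL, reads at most MATRIX_MAX_LEN + 1 bytes,
 * rejects unterminated input and characters that cannot appear in a
 * channel list (assumed set: letters, digits and commas).
 * Returns a heap copy on success, NULL on rejection or allocation failure. */
char *copy_matrix_bounded(const char *matrix)
{
    if (matrix == NULL)
        return NULL;

    size_t len = 0;
    while (len <= MATRIX_MAX_LEN && matrix[len] != '\0')
        len++;
    if (len > MATRIX_MAX_LEN)   /* no terminator within the cap */
        return NULL;

    for (size_t i = 0; i < len; i++) {
        char c = matrix[i];
        int ok = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                 (c >= '0' && c <= '9') || c == ',';
        if (!ok)
            return NULL;
    }

    char *copy = malloc(len + 1);
    if (copy == NULL)
        return NULL;
    memcpy(copy, matrix, len + 1);
    return copy;
}
```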