On Fri, Nov 6, 2015 at 4:06 PM, Ganesh Ajjanagadde
wrote:
> strlen returns a size_t, which is unsigned. If it is less than 2 for
> some pixel format. wrap-around will happen and a bad pointer dereference
> will take place.
>
> Yes, this is at the moment theoretical, but nonetheless dangerous in my
strlen returns a size_t, which is unsigned. If it is less than 2 for
some pixel format. wrap-around will happen and a bad pointer dereference
will take place.
Yes, this is at the moment theoretical, but nonetheless dangerous in my
view and the fix is very simple.
-
