Posted Oct 6, 2005 4:22 UTC (Thu) by JoeBuck
Parent article: zlib: buffer overflow
We should have been done with zlib bugs long ago.
zlib simply isn't that complex, and it is pervasive. It should be possible to analyze the code and prove that there are no remaining buffer overflows (rewriting any parts that are necessary to obtain the proof). Same goes for other pervasive libraries, like JPEG, GIF, and PNG, so people can have rock-solid confidence that viewing attachments isn't a malware vector any more.
Too bad summer's over, it would have been nice to ask Google to sponsor something like that.
to post comments)