Date: Wed, 09 Aug 2017 09:07:04 -0400 From: Jesse Hertz <jesse_hertz@...le.com> To: oss-security@...ts.openwall.com Subject: Re: Cve issue discussion If a non-ASAN build under valgrind caused it to consume a lot of memory, then its a legitimate issue, report it to libpng. > On Aug 9, 2017, at 8:18 AM, Glenn Randers-Pehrson <glennrp@...il.com> wrote: > > On Wed, Aug 9, 2017 at 3:49 AM, ne xo <nexo123@...look.kr> wrote: >> Most bugs in ASan do not cause crash in non-ASan environments. >> >> You should check with the valgrind tool. > > That's what I do. > > Valgrind exhibited the large memory request but did it quickly. [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ