Tag Archives: zlib

Customers, customers, customers
Pascal Cuoq on 24 January 2013

The recent posts on extremely minor undefined behaviors in zlib neatly tie in with a discussion on John Regehr's blog about the future-proofitude of C and C++. Another insightful post in this regard is this one by Derek Jones. Derek claims that the situation is different for proprietary compilers with...

Read More

Bad zlib, bad! No compare pointer!
Pascal Cuoq on 16 January 2013

In a previous post we remarked that the decompression function of zlib for some inputs computes an invalid pointer. But at least it neither dereferences it nor compares it to another pointer. Or does it? Recipe for an invalid pointer comparison Instrument Take an ordinary zlib library version 1.2.7 and...

Read More

Why verify zlib?
Pascal Cuoq on 14 January 2013

As an interlude in the zlib verification thread, this post asks two questions. Is there any chance of finding a bug in zlib, and does it matter? Could there be a bug in zlib? It is not entirely impossible. The previous post in this blog pointed to a relatively minor...

Read More

Code review finds minor issue in Zlib
Pascal Cuoq on 9 January 2013

In an article about comparing static analyzers (long-time readers of the blog do not follow the link. It is still the same old article)… Where was I? Ah yes. One reason why it is extremely tricky to compare static analyzers is that a static analyzer is for identifying undefined behavior...

Read More

zlib progress: one comma misused
Pascal Cuoq on 18 December 2012

A few days ago I announced that the world had been using an unverified zlib library for too long and that we were going to fix this. This post is the first progress report. I have found a harmless undefined behavior in zlib and I have learnt something about the...

Read More