[Ffmpeg-cvslog] r5530 - in trunk/libavcodec: vc1.c vc1acdata.h vc1data.h

Nico Sabbi nsabbi
Wed Jun 28 14:41:37 CEST 2006


Erik Slagter wrote:
>> also please be careful with malloc(x*y) code if the result of the 
>> multiplication doesn't fit in an int then this can under some circumstances
>> be exploitable
>>     
>
> This one was indeed brought to my attention lately. What is the
> agreed best practice to avoid these exploits? The only thing I can come
> up with, is testing x and y to have values that multiplied together
> never can grow beyond 32 (or 64) bits.
>
>   

look at realloc_struct()  in libmpdemux/demuxer.h (part of mplayer)
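
One common way to do the check discussed in this thread, shown as an added example that is not part of the original message and is not MPlayer's realloc_struct(): compare the operands against SIZE_MAX before multiplying, and reject negative int dimensions before converting them to size_t. The helper names mul_size_checked and alloc_table and the sample dimensions are hypothetical.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: store nmemb*size in *out and return 1 if the
 * product fits in size_t; return 0 if it would wrap around. */
static int mul_size_checked(size_t nmemb, size_t size, size_t *out)
{
    if (size != 0 && nmemb > SIZE_MAX / size)
        return 0;
    *out = nmemb * size;
    return 1;
}

/* Hypothetical helper: allocate a width x height table of elem_size-byte
 * entries, where width and height are ints taken from untrusted input
 * (for example a stream header). Returns NULL instead of a short buffer. */
static void *alloc_table(int width, int height, size_t elem_size)
{
    size_t count, bytes;

    /* A negative int converted to size_t becomes a huge value, so reject
     * it before any arithmetic is done in size_t. */
    if (width <= 0 || height <= 0)
        return NULL;
    /* Multiply in size_t, never in int: int overflow is undefined and the
     * truncated result is what leads to an undersized allocation. */
    if (!mul_size_checked((size_t)width, (size_t)height, &count))
        return NULL;
    if (!mul_size_checked(count, elem_size, &bytes))
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    /* Constructed sample dimensions, not taken from any real stream. */
    void *ok  = alloc_table(64, 48, sizeof(int16_t));
    void *bad = alloc_table(INT_MAX, INT_MAX, 8);

    printf("64x48 table:           %s\n", ok  ? "allocated" : "rejected");
    printf("INT_MAX x INT_MAX x 8: %s\n", bad ? "allocated" : "rejected");
    free(ok);
    free(bad);
    return 0;
}
```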
 
 