[Ffmpeg-cvslog] r5530 - in trunk/libavcodec: vc1.c vc1acdata.h vc1data.h
Wed Jun 28 18:50:01 CEST 2006
On Wed, Jun 28, 2006 at 01:49:01PM +0200, Erik Slagter wrote:
> > also please be carefull with malloc(x*y) code if the result of the
> > multiplication doesnt fit in an int then this can under some curcumstances
> > be exploitable
> This one was indeed brought under my attention lately. What is the
> agreed best practise to avoid these exploits? The only thing I can come
> up with, is testing x and y to have values that multiplied together
> never can grow beyond 32 (or 64) bits.
Test if (x > SIZE_MAX/y), and also cast to size_t before the multiply
for strict correctness.
More information about the ffmpeg-cvslog