[Ffmpeg-cvslog] r5530 - in trunk/libavcodec: vc1.c vc1acdata.h vc1data.h

Erik Slagter erik
Wed Jun 28 13:49:01 CEST 2006

> also please be carefull with malloc(x*y) code if the result of the 
> multiplication doesnt fit in an int then this can under some curcumstances
> be exploitable

This one was indeed brought under my attention lately. What is the
agreed best practise to avoid these exploits? The only thing I can come
up with, is testing x and y to have values that multiplied together
never can grow beyond 32 (or 64) bits.

More information about the ffmpeg-cvslog mailing list