Hi, On Mon, Jul 20, 2009 at 6:14 PM, Michael Niedermayer<michaelni at gmx.at> wrote: > the updated p can have any value the attacker chooses if he can make > len have any value and i think he can but maybe i miss something ... Ah, integer overflows, of course. Will fix. Ronald