[Ffmpeg-cvslog] r5530 - in trunk/libavcodec: vc1.c vc1acdata.h vc1data.h

Rich Felker dalias
Wed Jun 28 18:50:01 CEST 2006


On Wed, Jun 28, 2006 at 01:49:01PM +0200, Erik Slagter wrote:
> > also please be careful with malloc(x*y) code if the result of the
> > multiplication doesn't fit in an int then this can under some circumstances
> > be exploitable
> 
> This one was indeed brought under my attention lately. What is the
> agreed best practise to avoid these exploits? The only thing I can come
> up with, is testing x and y to have values that multiplied together
> never can grow beyond 32 (or 64) bits.

Test if (x > SIZE_MAX/y), and also cast to size_t before the multiply
for strict correctness.

Rich
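
The check described above, written out as a helper (an added example, not code from the original thread or from FFmpeg; the names size_mul_ok and alloc_2d are hypothetical). It also covers y == 0, which the bare test would turn into a division by zero, and rejects negative int dimensions before the cast to size_t.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: store x*y in *out and return 1, or return 0 if the
 * product does not fit in size_t. */
int size_mul_ok(size_t x, size_t y, size_t *out)
{
    /* y == 0 is handled first so the division below cannot trap. */
    if (y != 0 && x > SIZE_MAX / y)
        return 0;
    *out = x * y;
    return 1;
}

/* Hypothetical allocator for a w*h array of elem_size-byte elements, with
 * the dimensions arriving as int, as they typically do from a parsed header. */
void *alloc_2d(int w, int h, size_t elem_size)
{
    size_t count, bytes;

    /* Reject negatives before the cast: (size_t)-1 is SIZE_MAX. */
    if (w < 0 || h < 0)
        return NULL;
    /* Cast first so the multiply is done in size_t, not in int. */
    if (!size_mul_ok((size_t)w, (size_t)h, &count))
        return NULL;
    if (!size_mul_ok(count, elem_size, &bytes))
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    size_t r = 0;
    /* Constructed inputs: one product that wraps, one that fits. */
    int wraps_ok = size_mul_ok(SIZE_MAX / 2 + 1, 2, &r);
    printf("wraps: ok=%d\n", wraps_ok);
    int fits_ok = size_mul_ok(640, 480, &r);
    printf("fits:  ok=%d r=%zu\n", fits_ok, r);
    void *p = alloc_2d(640, 480, sizeof(short));
    printf("alloc: %s\n", p ? "ok" : "refused");
    free(p);
    return 0;
}
```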