Florian Ernst wrote:
> On Sat, May 28, 2005 at 12:32:39AM +0200, Florian Ernst wrote:
> > Find attached the backported patch I sent to the security team.
>
> Well, now, really, that is.
I may be stupid, but how can this prevent an integer overflow:
- thunk_table=(PE_THUNK_DATA*)malloc(sizeof *thunk_table *
thunk_count);
+ if (thunk_count) {
+ thunk_table=(PE_THUNK_DATA*)malloc(sizeof *thunk_table
* thunk_count);
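Review bot: the added `if (thunk_count) {` guard only rejects a count of zero; the product `sizeof *thunk_table * thunk_count` passed to malloc on the next line is still computed without a bound, so a large thunk_count can wrap and the request succeeds with a buffer smaller than the table. Suggest rejecting thunk_count when it exceeds SIZE_MAX / sizeof *thunk_table before multiplying, and checking the malloc result. The quoted lines also show no else branch, so it is worth confirming that thunk_table is not used uninitialised when thunk_count is 0.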
Just set thunk_count to MAX_UINT-1 and see what the result of
the multiplication is.
Regards,
Joey
--
Long noun chains don't automatically imply security. -- Bruce Schneier
Please always Cc to me when replying to me on the lists.
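
The wrap-around raised in the message above, as an added example that is not part of the original mail or of the patched project: it models the allocation size in 32-bit arithmetic and puts a checked allocation beside it. The `thunk_entry` struct (an 8-byte stand-in for `PE_THUNK_DATA`, whose layout the mail does not show) and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed 8-byte stand-in for PE_THUNK_DATA; the real layout is not in the mail. */
typedef struct {
    uint32_t hint_or_ordinal;
    uint32_t name_rva;
} thunk_entry;
_Static_assert(sizeof(thunk_entry) == 8, "example assumes 8-byte entries");

/* The size the patched line still computes, modelled with a 32-bit size_t:
 * the product is reduced modulo 2^32 without any error. */
static uint32_t unchecked_size32(uint32_t count)
{
    return (uint32_t)sizeof(thunk_entry) * count;
}

/* Checked variant: refuse zero and any count whose byte size cannot be
 * represented, before multiplying. Returns 0 and sets *bytes on success. */
static int checked_size32(uint32_t count, uint32_t *bytes)
{
    if (count == 0 || count > UINT32_MAX / (uint32_t)sizeof(thunk_entry))
        return -1;
    *bytes = (uint32_t)sizeof(thunk_entry) * count;
    return 0;
}

/* Allocation that fails closed instead of returning an undersized table. */
static thunk_entry *alloc_thunk_table(uint32_t count)
{
    uint32_t bytes;
    if (checked_size32(count, &bytes) != 0)
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    /* Constructed sample counts: the value from the mail, one that wraps
     * to a tiny size, and a benign one. */
    const uint32_t samples[] = { UINT32_MAX - 1, 0x20000001u, 16 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        thunk_entry *t = alloc_thunk_table(samples[i]);
        printf("count=%#x unchecked=%#x checked=%s\n", (unsigned)samples[i],
               (unsigned)unchecked_size32(samples[i]), t ? "allocated" : "rejected");
        free(t);
    }
    return 0;
}
```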