Some places in the dynamic allocation code multiply the element size by the
element count. This multiplication could potentially overflow, causing too
little amount of memory to be allocated and consequently writing past buffer
size.
Original issue reported on code.google.com by Petteri.Aimonen on 17 May 2014 at 6:19
Original issue reported on code.google.com by
Petteri.Aimonen
on 17 May 2014 at 6:19