Hi, after explaining the slightly wasteful usage of malloc()/memcpy() with multi-block CE entries, i noticed that i did not install a safety cap on the malloc size. Attached is a patch for susp_rr.c. I could not challenge this in practice but only by gdb manipulation. My most CE-happy test image has 3 occasions of multi-block CE. All three only span over 2 blocks each. Have a nice day :) Thomas -------------- next part -------------- A non-text attachment was scrubbed... Name: susp_rr.diff Type: text/x-patch Size: 583 bytes Desc: not available URL: <http://www.zytor.com/pipermail/syslinux/attachments/20130401/80e32e34/attachment.bin>