ref: d40194f978486b914c1e1251686891577f0860dd
parent: f4afb03d15eb266e0e47cd97a514a68e69a674d4
author: cinap_lenrek <cinap_lenrek@gmx.de>
date: Sun Aug 19 06:50:39 EDT 2012
calloc: check multiplication overflow
--- a/sys/src/ape/lib/ap/gen/calloc.c
+++ b/sys/src/ape/lib/ap/gen/calloc.c
@@ -2,12 +2,14 @@
#include <string.h>
void *
-calloc(size_t nmemb, size_t size)
+calloc(size_t n, size_t s)
{- void *mp;
+ void *v;
- nmemb = nmemb*size;
- if(mp = malloc(nmemb))
- memset(mp, 0, nmemb);
- return(mp);
+ if(n > 1 && ((size_t)-1)/n < s)
+ return 0;
+ n *= s;
+ if(v = malloc(n))
+ memset(v, 0, n);
+ return v;
}
--- a/sys/src/libc/port/malloc.c
+++ b/sys/src/libc/port/malloc.c
@@ -280,10 +280,13 @@
}
void*
-calloc(ulong n, ulong szelem)
+calloc(ulong n, ulong s)
{void *v;
- if(v = mallocz(n*szelem, 1))
+
+ if(n > 1 && ((ulong)-1)/n < s)
+ return nil;
+ if(v = mallocz(n*s, 1))
setmalloctag(v, getcallerpc(&n));
return v;
}
--
⑨