Print this page
4922 all calloc() implementations should check for overflow
*** 205,219 ****
void *
calloc(size_t num, size_t size)
{
void * mp;
! num *= size;
! if ((mp = malloc(num)) == NULL)
return (NULL);
! (void) memset(mp, 0, num);
return (mp);
}
void *
realloc(void *ptr, size_t size)
--- 205,231 ----
void *
calloc(size_t num, size_t size)
{
void * mp;
+ size_t total;
! if (num == 0 || size == 0) {
! total = 0;
! } else {
! total = num * size;
!
! /* check for overflow */
! if ((total / num) != size) {
! errno = ENOMEM;
return (NULL);
! }
! }
!
! if ((mp = malloc(total)) == NULL)
! return (NULL);
! (void) memset(mp, 0, total);
return (mp);
}
void *
realloc(void *ptr, size_t size)