Print this page
4922 all calloc() implementations should check for overflow

@@ -205,15 +205,27 @@
 
 void *
 calloc(size_t num, size_t size)
 {
         void *  mp;
+        size_t  total;
 
-        num *= size;
-        if ((mp = malloc(num)) == NULL)
+        if (num == 0 || size == 0) {
+                total = 0;
+        } else {
+                total = num * size;
+
+                /* check for overflow */
+                if ((total / num) != size) {
+                        errno = ENOMEM;
                 return (NULL);
-        (void) memset(mp, 0, num);
+                }
+        }
+
+        if ((mp = malloc(total)) == NULL)
+                return (NULL);
+        (void) memset(mp, 0, total);
         return (mp);
 }
 
 void *
 realloc(void *ptr, size_t size)