4922 all calloc() implementations should check for overflow

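--- a/usr/src/cmd/sgs/rtld/common/malloc.c
+++ b/usr/src/cmd/sgs/rtld/common/malloc.c
@@ -200,25 +200,37 @@
         scribble((ulong_t *)&block->memstart, NEWMEM, block->size);
 #endif
         block->status = BUSY;
         return (&block->memstart);
 }
 
 void *
 calloc(size_t num, size_t size)
 {
         void *  mp;
+        size_t  total;
 
-        num *= size;
-        if ((mp = malloc(num)) == NULL)
+        if (num == 0 || size == 0) {
+                total = 0;
+        } else {
+                total = num * size;
+
+                /* check for overflow */
+                if ((total / num) != size) {
+                        errno = ENOMEM;
+                        return (NULL);
+                }
+        }
+
+        if ((mp = malloc(total)) == NULL)
                 return (NULL);
-        (void) memset(mp, 0, num);
+        (void) memset(mp, 0, total);
         return (mp);
 }
 
 void *
 realloc(void *ptr, size_t size)
 {
         struct block    *block;
         size_t          osize;
         void *          newptr;
 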
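Review bot: The `/* check for overflow */` comment in calloc() does not say what the check protects against; I would expand it to `/* num * size wraps modulo SIZE_MAX + 1; a wrapped total would hand the caller a block shorter than the num * size bytes it expects to use */`. The `size == 0` arm of the zero test is not needed for correctness, because `total / num` is already 0 and equals `size` in that case, so only `num == 0` has to be excluded before the division. The overflow path sets `errno = ENOMEM` itself, while the `malloc(total) == NULL` path relies on this file's allocator to set errno; the allocator body is outside the hunk, so it is worth confirming that both failure paths leave errno consistent. The hunk adds no include either, so `errno` and `ENOMEM` presumably come in through an existing header, which should be checked for this libc-independent build.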