Print this page
4922 all calloc() implementations should check for overflow

Split Close
Expand all
Collapse all
          --- old/usr/src/lib/libmtmalloc/common/mtmalloc.c
          +++ new/usr/src/lib/libmtmalloc/common/mtmalloc.c
↓ open down ↓ 323 lines elided ↑ open up ↑
 324  324              MIN(cacheptr->mt_size - OVERHEAD - shift, bytes));
 325  325          free(ptr);
 326  326  
 327  327          return (new);
 328  328  }
 329  329  
 330  330  void *
 331  331  calloc(size_t nelem, size_t bytes)
 332  332  {
 333  333          void * ptr;
 334      -        size_t size = nelem * bytes;
      334 +        size_t size;
      335 +
      336 +        if (nelem == 0 || bytes == 0) {
      337 +                size = 0;
      338 +        } else {
      339 +                size = nelem * bytes;
      340 +
      341 +                /* check for overflow */
      342 +                if ((size / nelem) != bytes) {
      343 +                        errno = ENOMEM;
      344 +                        return (NULL);
      345 +                }
      346 +        }
 335  347  
 336  348          ptr = malloc(size);
 337  349          if (ptr == NULL)
 338  350                  return (NULL);
 339  351          (void) memset(ptr, 0, size);
 340  352  
 341  353          return (ptr);
 342  354  }
 343  355  
 344  356  void
↓ open down ↓ 1211 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX