il_caloverflow Cdiff usr/src/lib/libmtmalloc/common/mtmalloc.c

Print this page

XXXX all calloc() implementations should check overflow


*** 329,339 ****
  
  void *
  calloc(size_t nelem, size_t bytes)
  {
          void * ptr;
!         size_t size = nelem * bytes;
  
          ptr = malloc(size);
          if (ptr == NULL)
                  return (NULL);
          (void) memset(ptr, 0, size);
--- 329,351 ----
  
  void *
  calloc(size_t nelem, size_t bytes)
  {
          void * ptr;
!         size_t size;
! 
!         if (nelem == 0 || bytes == 0) {
!                 size = 0;
!         } else {
!                 size = nelem * bytes;
! 
!                 /* check for overflow */
!                 if (size / nelem != bytes) {
!                         errno = ENOMEM;
!                         return (NULL);
!                 }
!         }
  
          ptr = malloc(size);
          if (ptr == NULL)
                  return (NULL);
          (void) memset(ptr, 0, size);