il_caloverflow Udiff usr/src/lib/libmtmalloc/common/mtmalloc.c

Print this page

XXXX all calloc() implementations should check overflow

@@ -329,11 +329,23 @@
 
 void *
 calloc(size_t nelem, size_t bytes)
 {
         void * ptr;
-        size_t size = nelem * bytes;
+        size_t size;
+
+        if (nelem == 0 || bytes == 0) {
+                size = 0;
+        } else {
+                size = nelem * bytes;
+
+                /* check for overflow */
+                if (size / nelem != bytes) {
+                        errno = ENOMEM;
+                        return (NULL);
+                }
+        }
 
         ptr = malloc(size);
         if (ptr == NULL)
                 return (NULL);
         (void) memset(ptr, 0, size);