Permalink
Browse files

Fix calloc() overflow

* malloc.c (calloc): Check multiplication overflow in calloc(),
assuming REDIRECT_MALLOC.
  • Loading branch information...
1 parent a268866 commit e10c1eb9908c2774c16b3148b30d2f3823d66a9a @xiw xiw committed with Mar 14, 2012
Showing with 5 additions and 0 deletions.
  1. +5 −0 malloc.c
View
@@ -372,8 +372,13 @@ void * malloc(size_t lb)
}
#endif /* GC_LINUX_THREADS */
+#ifndef SIZE_MAX
+#define SIZE_MAX (~(size_t)0)
+#endif
void * calloc(size_t n, size_t lb)
{
+ if (lb && n > SIZE_MAX / lb)
+ return NULL;
# if defined(GC_LINUX_THREADS) /* && !defined(USE_PROC_FOR_LIBRARIES) */
/* libpthread allocated some memory that is only pointed to by */
/* mmapped thread stacks. Make sure it's not collectable. */

0 comments on commit e10c1eb

Please sign in to comment.