Fix calloc() overflow

* malloc.c (calloc): Check multiplication overflow in calloc(), assuming REDIRECT_MALLOC.
ivmai · Mar 15, 2012 · e10c1eb · e10c1eb
1 parent a268866
commit e10c1eb
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/malloc.c b/malloc.c
@@ -372,8 +372,13 @@ void * malloc(size_t lb)
   }
 #endif /* GC_LINUX_THREADS */
 
+#ifndef SIZE_MAX
+#define SIZE_MAX (~(size_t)0)
+#endif
 void * calloc(size_t n, size_t lb)
 {
+    if (lb && n > SIZE_MAX / lb)
+      return NULL;
 #   if defined(GC_LINUX_THREADS) /* && !defined(USE_PROC_FOR_LIBRARIES) */
         /* libpthread allocated some memory that is only pointed to by  */
         /* mmapped thread stacks.  Make sure it's not collectable.      */