4922 all calloc() implementations should check for overflow

Reviewed by: Hans Rosenfeld <hans.rosenfeld@nexenta.com> Reviewed by: Marcel Telka <marcel.telka@nexenta.com> Approved by: Dan McDonald <danmcd@omniti.com>
author: Richard Lowe <richlowe@richlowe.net> 2014-06-12 00:36:19 +0100
committer: Richard Lowe <richlowe@richlowe.net> 2014-07-19 19:07:30 -0400
commit: 31c6d826a7f7a4ee7d83c8e99f25d82a4a248076 (patch)
tree: 2561c529eecbf6f7174408c0716d38a09c21bbd1 /usr/src/lib/libmtmalloc/common/mtmalloc.c
parent: d9c5840bd764434fd93f85a52eb4cbc24bff03da (diff)
download: illumos-gate-31c6d826a7f7a4ee7d83c8e99f25d82a4a248076.tar.gz
1 files changed, 13 insertions, 1 deletions
diff --git a/usr/src/lib/libmtmalloc/common/mtmalloc.c b/usr/src/lib/libmtmalloc/common/mtmalloc.c
index 91d9ae2371..0cf998c952 100644
--- a/usr/src/lib/libmtmalloc/common/mtmalloc.c
+++ b/usr/src/lib/libmtmalloc/common/mtmalloc.c
@@ -331,7 +331,19 @@ void *
 calloc(size_t nelem, size_t bytes)
 {
 	void * ptr;
-	size_t size = nelem * bytes;
+	size_t size;
+
+	if (nelem == 0 || bytes == 0) {
+		size = 0;
+	} else {
+		size = nelem * bytes;
+
+		/* check for overflow */
+		if ((size / nelem) != bytes) {
+			errno = ENOMEM;
+			return (NULL);
+		}
+	}
 
 	ptr = malloc(size);
 	if (ptr == NULL)
author	Richard Lowe <richlowe@richlowe.net>	2014-06-12 00:36:19 +0100
committer	Richard Lowe <richlowe@richlowe.net>	2014-07-19 19:07:30 -0400
commit	31c6d826a7f7a4ee7d83c8e99f25d82a4a248076 (patch)
tree	2561c529eecbf6f7174408c0716d38a09c21bbd1 /usr/src/lib/libmtmalloc/common/mtmalloc.c
parent	d9c5840bd764434fd93f85a52eb4cbc24bff03da (diff)
download	illumos-gate-31c6d826a7f7a4ee7d83c8e99f25d82a4a248076.tar.gz