From 0950889b810736fe7ad340a13a5ecf76672e1a84 Mon Sep 17 00:00:00 2001 From: Ulrich Drepper Date: Fri, 2 Aug 2002 01:27:46 +0000 Subject: (public_cALLOc): Check for overflow on multiplication. --- malloc/malloc.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'malloc') diff --git a/malloc/malloc.c b/malloc/malloc.c index cee3f322a0..cd40626504 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -3452,16 +3452,23 @@ public_cALLOc(size_t n, size_t elem_size) { mstate av; mchunkptr oldtop, p; - INTERNAL_SIZE_T sz, csz, oldtopsize; + INTERNAL_SIZE_T bytes, sz, csz, oldtopsize; Void_t* mem; unsigned long clearsize; unsigned long nclears; INTERNAL_SIZE_T* d; - __malloc_ptr_t (*hook) __MALLOC_PMT ((size_t, __const __malloc_ptr_t)) = __malloc_hook; + + /* size_t is unsigned so the behavior on overflow is defined. */ + bytes = n * elem_size; + if (bytes / elem_size != n) { + MALLOC_FAILURE_ACTION; + return 0; + } + if (hook != NULL) { - sz = n * elem_size; + sz = bytes; mem = (*hook)(sz, RETURN_ADDRESS (0)); if(mem == 0) return 0; @@ -3473,8 +3480,7 @@ public_cALLOc(size_t n, size_t elem_size) #endif } - /* FIXME: check for overflow on multiplication. */ - sz = n * elem_size; + sz = bytes; arena_get(av, sz); if(!av) -- cgit v1.2.3-70-g09d2