From 169826d93df13610ef334e257134dda181da2669 Mon Sep 17 00:00:00 2001
From: Xi Wang <xi.wang@gmail.com>
Date: Thu, 15 Mar 2012 04:46:49 +0800
Subject: [PATCH 1/4] Fix calloc() overflow

* malloc.c (calloc): Check multiplication overflow in calloc(),
assuming REDIRECT_MALLOC.
---
 malloc.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/malloc.c b/malloc.c
index 99db924..a502844 100644
--- a/malloc.c
+++ b/malloc.c
@@ -347,8 +347,13 @@ void * malloc(size_t lb)
   }
 #endif
 
+#ifndef SIZE_MAX
+#define SIZE_MAX (~(size_t)0)
+#endif
 void * calloc(size_t n, size_t lb)
 {
+    if (lb && n > SIZE_MAX / lb)
+      return NULL;
 #   if defined(GC_LINUX_THREADS) /* && !defined(USE_PROC_FOR_LIBRARIES) */
 	/* libpthread allocated some memory that is only pointed to by	*/
 	/* mmapped thread stacks.  Make sure it's not collectable.	*/
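Review bot: The new early return at the top of calloc() hands back NULL without setting errno, while this function stands in for the libc calloc under REDIRECT_MALLOC and POSIX callers may expect ENOMEM on failure. If <errno.h> is already included in malloc.c (not visible in this hunk), the guard could read `if (lb && n > SIZE_MAX / lb) { errno = ENOMEM; return NULL; }`. The check also deserves a one-line comment saying why it exists, for example `/* n * lb would wrap around size_t and yield a block smaller than the caller expects */`, since the multiplication it protects is further down in the body, outside the hunk. Whether the collector's other size-multiplying entry points need the same guard cannot be judged from the lines shown here.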
-- 
1.7.10.2