could overflow. Thanks to Timo Sirainen for the heads-up.
if (menu->tagged)
{
*numfiles = menu->tagged;
- tfiles = safe_malloc (*numfiles * sizeof (char *));
+ tfiles = safe_calloc (*numfiles, sizeof (char *));
for (i = 0, j = 0; i < state.entrylen; i++)
{
struct folder_file ff = state.entry[i];
else if (f[0]) /* no tagged entries. return selected entry */
{
*numfiles = 1;
- tfiles = safe_malloc (*numfiles * sizeof (char *));
+ tfiles = safe_calloc (*numfiles, sizeof (char *));
mutt_expand_path (f, flen);
tfiles[0] = safe_strdup (f);
*files = tfiles;
{
/* Save the suffix */
size_t savelen = state->lastchar - state->curpos;
- wchar_t *savebuf = safe_malloc (savelen * sizeof (wchar_t));
+ wchar_t *savebuf = safe_calloc (savelen, sizeof (wchar_t));
memcpy (savebuf, state->wbuf + state->curpos, savelen * sizeof (wchar_t));
/* Convert to wide characters */
{
char **tfiles;
*numfiles = 1;
- tfiles = safe_malloc (*numfiles * sizeof (char *));
+ tfiles = safe_calloc (*numfiles, sizeof (char *));
mutt_expand_path (buf, buflen);
tfiles[0] = safe_strdup (buf);
*files = tfiles;
}
ctx->hdrmax = count;
- ctx->hdrs = safe_malloc (count * sizeof (HEADER *));
- ctx->v2r = safe_malloc (count * sizeof (int));
+ ctx->hdrs = safe_calloc (count, sizeof (HEADER *));
+ ctx->v2r = safe_calloc (count, sizeof (int));
ctx->msgcount = 0;
if (count && (imap_read_headers (idata, 0, count-1) < 0))
{
{
void *p;
+ if (((size_t) -1) / nmemb <= size)
+ {
+ mutt_error _("Integer overflow -- can't allocate memory!");
+ sleep (1);
+ mutt_exit (1);
+ }
+
if (!nmemb || !size)
return NULL;
if (!(p = calloc (nmemb, size)))
p = strchr (mbx, '@');
if (!p)
return -1;
- *user = safe_malloc((p - mbx + 1) * sizeof(mbx[0]));
+ *user = safe_calloc((p - mbx + 1), sizeof(mbx[0]));
strfcpy (*user, mbx, (p - mbx + 1));
*domain = safe_strdup(p + 1);
return 0;
void mx_alloc_memory (CONTEXT *ctx)
{
int i;
-
+ size_t s = MAX (sizeof (HEADER *), sizeof (int));
+
+ if ((ctx->hdrmax + 25) * s < ctx->hdrmax * s)
+ {
+ mutt_error _("Integer overflow -- can't allocate memory.");
+ sleep (1);
+ mutt_exit (1);
+ }
+
if (ctx->hdrs)
{
safe_realloc ((void **) &ctx->hdrs, sizeof (HEADER *) * (ctx->hdrmax += 25));
}
else
{
- ctx->hdrs = safe_malloc (sizeof (HEADER *) * (ctx->hdrmax += 25));
- ctx->v2r = safe_malloc (sizeof (int) * ctx->hdrmax);
+ ctx->hdrs = safe_calloc ((ctx->hdrmax += 25), sizeof (HEADER *));
+ ctx->v2r = safe_calloc (ctx->hdrmax, sizeof (int));
}
for (i = ctx->msgcount ; i < ctx->hdrmax ; i++)
{
if (cd1 == (iconv_t)(-1))
return -1;
- cd = safe_malloc (ncodes * sizeof (iconv_t));
- score = safe_calloc (1, ncodes * sizeof (size_t));
- states = safe_calloc (1, ncodes * sizeof (CONTENT_STATE));
- infos = safe_calloc (1, ncodes * sizeof (CONTENT));
+ cd = safe_calloc (ncodes, sizeof (iconv_t));
+ score = safe_calloc (ncodes, sizeof (size_t));
+ states = safe_calloc (ncodes, sizeof (CONTENT_STATE));
+ infos = safe_calloc (ncodes, sizeof (CONTENT));
for (i = 0; i < ncodes; i++)
if (ascii_strcasecmp (tocodes[i], "UTF-8"))
}
/* Read Entries */
cur = 0;
- Table = safe_malloc(sizeof (smime_id) * cert_num);
+ Table = safe_calloc(cert_num, sizeof (smime_id));
while (!feof(index)) {
numFields = fscanf (index, MUTT_FORMAT(STRING) " %x.%i " MUTT_FORMAT(STRING), fields[0], &hash,
&hash_suffix, fields[2]);
top = thread;
- array = safe_malloc ((array_size = 256) * sizeof (THREAD *));
+ array = safe_calloc ((array_size = 256), sizeof (THREAD *));
while (1)
{
if (init || !thread->sort_key)
projects / mutt / commitdiff