From: Thomas Roessler Date: Tue, 8 Apr 2003 10:21:01 +0000 (+0000) Subject: Try to catch a couple of cases in which parameters for malloc calls X-Git-Tag: pre-type-punning-patch~103 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=65931dfdd0d1a6eea3fc1d73b6e9a048152dfb65;p=mutt Try to catch a couple of cases in which parameters for malloc calls could overflow. Thanks to Timo Sirainen for the heads-up. --- diff --git a/browser.c b/browser.c index b94ba653..1ee315f0 100644 --- a/browser.c +++ b/browser.c @@ -797,7 +797,7 @@ void _mutt_select_file (char *f, size_t flen, int flags, char ***files, int *num if (menu->tagged) { *numfiles = menu->tagged; - tfiles = safe_malloc (*numfiles * sizeof (char *)); + tfiles = safe_calloc (*numfiles, sizeof (char *)); for (i = 0, j = 0; i < state.entrylen; i++) { struct folder_file ff = state.entry[i]; @@ -814,7 +814,7 @@ void _mutt_select_file (char *f, size_t flen, int flags, char ***files, int *num else if (f[0]) /* no tagged entries. return selected entry */ { *numfiles = 1; - tfiles = safe_malloc (*numfiles * sizeof (char *)); + tfiles = safe_calloc (*numfiles, sizeof (char *)); mutt_expand_path (f, flen); tfiles[0] = safe_strdup (f); *files = tfiles; diff --git a/enter.c b/enter.c index 5b956bf1..56dcb257 100644 --- a/enter.c +++ b/enter.c @@ -148,7 +148,7 @@ static void replace_part (ENTER_STATE *state, size_t from, char *buf) { /* Save the suffix */ size_t savelen = state->lastchar - state->curpos; - wchar_t *savebuf = safe_malloc (savelen * sizeof (wchar_t)); + wchar_t *savebuf = safe_calloc (savelen, sizeof (wchar_t)); memcpy (savebuf, state->wbuf + state->curpos, savelen * sizeof (wchar_t)); /* Convert to wide characters */ @@ -657,7 +657,7 @@ self_insert: { char **tfiles; *numfiles = 1; - tfiles = safe_malloc (*numfiles * sizeof (char *)); + tfiles = safe_calloc (*numfiles, sizeof (char *)); mutt_expand_path (buf, buflen); tfiles[0] = safe_strdup (buf); *files = tfiles; 
diff --git a/imap/imap.c b/imap/imap.c index 18852aa1..42e5746f 100644 --- a/imap/imap.c +++ b/imap/imap.c @@ -665,8 +665,8 @@ int imap_open_mailbox (CONTEXT* ctx) } ctx->hdrmax = count; - ctx->hdrs = safe_malloc (count * sizeof (HEADER *)); - ctx->v2r = safe_malloc (count * sizeof (int)); + ctx->hdrs = safe_calloc (count, sizeof (HEADER *)); + ctx->v2r = safe_calloc (count, sizeof (int)); ctx->msgcount = 0; if (count && (imap_read_headers (idata, 0, count-1) < 0)) { diff --git a/lib.c b/lib.c index 2a7e92cc..b40cc9cb 100644 --- a/lib.c +++ b/lib.c @@ -52,6 +52,13 @@ void *safe_calloc (size_t nmemb, size_t size) { void *p; + if (((size_t) -1) / nmemb <= size) + { + mutt_error _("Integer overflow -- can't allocate memory!"); + sleep (1); + mutt_exit (1); + } + if (!nmemb || !size) return NULL; if (!(p = calloc (nmemb, size))) diff --git a/mutt_idna.c b/mutt_idna.c index fc3aec5f..b6d3140e 100644 --- a/mutt_idna.c +++ b/mutt_idna.c @@ -127,7 +127,7 @@ static int mbox_to_udomain (const char *mbx, char **user, char **domain) p = strchr (mbx, '@'); if (!p) return -1; - *user = safe_malloc((p - mbx + 1) * sizeof(mbx[0])); + *user = safe_calloc((p - mbx + 1), sizeof(mbx[0])); strfcpy (*user, mbx, (p - mbx + 1)); *domain = safe_strdup(p + 1); return 0; diff --git a/mx.c b/mx.c index 59f577d5..c00444f0 100644 --- a/mx.c +++ b/mx.c @@ -1537,7 +1537,15 @@ int mx_close_message (MESSAGE **msg) void mx_alloc_memory (CONTEXT *ctx) { int i; - + size_t s = MAX (sizeof (HEADER *), sizeof (int)); + + if ((ctx->hdrmax + 25) * s < ctx->hdrmax * s) + { + mutt_error _("Integer overflow -- can't allocate memory."); + sleep (1); + mutt_exit (1); + } + if (ctx->hdrs) { safe_realloc ((void **) &ctx->hdrs, sizeof (HEADER *) * (ctx->hdrmax += 25)); 
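Review bot: The new overflow test in safe_calloc divides by `nmemb` before the existing `if (!nmemb || !size) return NULL;` guard, so a zero element count causes a division by zero instead of returning NULL. Callers converted in this same commit can plausibly pass zero: `count` in imap_open_mailbox is only tested with `if (count && ...)` after the allocation, and `savelen` in replace_part is `state->lastchar - state->curpos`. Move the zero check above the division, and use `<` rather than `<=` so that a product which still fits is not rejected: `if (!nmemb || !size) return NULL;` followed by `if (((size_t) -1) / nmemb < size)`. The body of safe_calloc continues past the end of the hunk.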
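Review bot: The guard `(ctx->hdrmax + 25) * s < ctx->hdrmax * s` in mx_alloc_memory detects overflow only by letting the multiplication wrap, and `ctx->hdrmax + 25` is evaluated before any conversion to size_t. If hdrmax is a signed int (the index compared against it is `int i`, but its declaration is not in the hunk), that addition can itself overflow, which is undefined behaviour. Where size_t is wider than int the product cannot wrap at all, so the check would never fire while `ctx->hdrmax += 25` could still overflow. A division-based bound states the limit directly and also protects the safe_realloc branch, which is not converted to safe_calloc and relies on this check alone: `if (ctx->hdrmax < 0 || ctx->hdrmax > INT_MAX - 25 || (size_t) ctx->hdrmax + 25 > ((size_t) -1) / s)`. The function body continues past the end of the hunk.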
@@ -1545,8 +1553,8 @@ void mx_alloc_memory (CONTEXT *ctx) } else { - ctx->hdrs = safe_malloc (sizeof (HEADER *) * (ctx->hdrmax += 25)); - ctx->v2r = safe_malloc (sizeof (int) * ctx->hdrmax); + ctx->hdrs = safe_calloc ((ctx->hdrmax += 25), sizeof (HEADER *)); + ctx->v2r = safe_calloc (ctx->hdrmax, sizeof (int)); } for (i = ctx->msgcount ; i < ctx->hdrmax ; i++) { diff --git a/sendlib.c b/sendlib.c index acd1f1e8..84ee8928 100644 --- a/sendlib.c +++ b/sendlib.c @@ -690,10 +690,10 @@ static size_t convert_file_to (FILE *file, const char *fromcode, if (cd1 == (iconv_t)(-1)) return -1; - cd = safe_malloc (ncodes * sizeof (iconv_t)); - score = safe_calloc (1, ncodes * sizeof (size_t)); - states = safe_calloc (1, ncodes * sizeof (CONTENT_STATE)); - infos = safe_calloc (1, ncodes * sizeof (CONTENT)); + cd = safe_calloc (ncodes, sizeof (iconv_t)); + score = safe_calloc (ncodes, sizeof (size_t)); + states = safe_calloc (ncodes, sizeof (CONTENT_STATE)); + infos = safe_calloc (ncodes, sizeof (CONTENT)); for (i = 0; i < ncodes; i++) if (ascii_strcasecmp (tocodes[i], "UTF-8")) diff --git a/smime.c b/smime.c index 58755408..e342fb0d 100644 --- a/smime.c +++ b/smime.c @@ -379,7 +379,7 @@ char* smime_ask_for_key (char *prompt, char *mailbox, short public) } /* Read Entries */ cur = 0; - Table = safe_malloc(sizeof (smime_id) * cert_num); + Table = safe_calloc(cert_num, sizeof (smime_id)); while (!feof(index)) { numFields = fscanf (index, MUTT_FORMAT(STRING) " %x.%i " MUTT_FORMAT(STRING), fields[0], &hash, &hash_suffix, fields[2]); diff --git a/thread.c b/thread.c index 0896c24f..bd45392f 100644 --- a/thread.c +++ b/thread.c @@ -591,7 +591,7 @@ THREAD *mutt_sort_subthreads (THREAD *thread, int init) top = thread; - array = safe_malloc ((array_size = 256) * sizeof (THREAD *)); + array = safe_calloc ((array_size = 256), sizeof (THREAD *)); while (1) { if (init || !thread->sort_key)