From e10c1eb9908c2774c16b3148b30d2f3823d66a9a Mon Sep 17 00:00:00 2001 From: Xi Wang Date: Thu, 15 Mar 2012 04:46:49 +0800 Subject: [PATCH] Fix calloc() overflow * malloc.c (calloc): Check multiplication overflow in calloc(), assuming REDIRECT_MALLOC. --- malloc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/malloc.c b/malloc.c index da68f133..cc0cc001 100644 --- a/malloc.c +++ b/malloc.c @@ -372,8 +372,13 @@ void * malloc(size_t lb) } #endif /* GC_LINUX_THREADS */ +#ifndef SIZE_MAX +#define SIZE_MAX (~(size_t)0) +#endif void * calloc(size_t n, size_t lb) { + if (lb && n > SIZE_MAX / lb) + return NULL; # if defined(GC_LINUX_THREADS) /* && !defined(USE_PROC_FOR_LIBRARIES) */ /* libpthread allocated some memory that is only pointed to by */ /* mmapped thread stacks. Make sure it's not collectable. */ -- 2.40.0