From be0301f45850ca70db0f2ec8258e73615a0ec7be Mon Sep 17 00:00:00 2001
From: cinap_lenrek <cinap_lenrek@gmx.de>
Date: Sun, 19 Aug 2012 10:50:39 +0200
Subject: calloc: check multiplication overflow

---
 sys/src/libc/port/malloc.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'sys/src/libc/port/malloc.c')

diff --git a/sys/src/libc/port/malloc.c b/sys/src/libc/port/malloc.c
index 741316926..e23e1f53b 100644
--- a/sys/src/libc/port/malloc.c
+++ b/sys/src/libc/port/malloc.c
@@ -280,10 +280,13 @@ msize(void *v)
 }
 
 void*
-calloc(ulong n, ulong szelem)
+calloc(ulong n, ulong s)
 {
 	void *v;
-	if(v = mallocz(n*szelem, 1))
+
+	if(n > 1 && ((ulong)-1)/n < s)
+		return nil;
+	if(v = mallocz(n*s, 1))
 		setmalloctag(v, getcallerpc(&n));
 	return v;
 }
-- 
cgit v1.2.3