From 8500ea906a6b99f0e4dbe41bceb7187c7fb7da8b Mon Sep 17 00:00:00 2001
From: Jakob Kaivo <jkk@ung.org>
Date: Thu, 13 Aug 2020 10:36:39 -0400
Subject: fail if nmemb * size overflows

---
 src/stdlib/calloc.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/stdlib/calloc.c b/src/stdlib/calloc.c
index aeed4aef..ec5fbfdb 100644
--- a/src/stdlib/calloc.c
+++ b/src/stdlib/calloc.c
@@ -6,12 +6,17 @@
 void * calloc(size_t nmemb, size_t size)
 {
 	void *p = NULL;
+	size_t total = nmemb * size;
+
+	if (total < nmemb || total < size) {
+		return NULL;
+	}
 
 	if (nmemb == 0 || size == 0) {
 		return NULL;
 	}
 
-	p = realloc(NULL, size * nmemb);
+	p = malloc(total);
 	if (p != NULL) {
 		memset(p, 0, size * nmemb);
 	}
-- 
cgit v1.2.1