From e10c1eb9908c2774c16b3148b30d2f3823d66a9a Mon Sep 17 00:00:00 2001
From: Xi Wang <xi.wang@gmail.com>
Date: Thu, 15 Mar 2012 04:46:49 +0800
Subject: [PATCH] Fix calloc() overflow

* malloc.c (calloc): Check multiplication overflow in calloc(),
assuming REDIRECT_MALLOC.
---
 malloc.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/malloc.c b/malloc.c
index da68f13..cc0cc00 100644
--- a/malloc.c
+++ b/malloc.c
@@ -372,8 +372,13 @@ void * malloc(size_t lb)
   }
 #endif /* GC_LINUX_THREADS */
 
+#ifndef SIZE_MAX
+#define SIZE_MAX (~(size_t)0)
+#endif
 void * calloc(size_t n, size_t lb)
 {
+    if (lb && n > SIZE_MAX / lb)
+      return NULL;
 #   if defined(GC_LINUX_THREADS) /* && !defined(USE_PROC_FOR_LIBRARIES) */
         /* libpthread allocated some memory that is only pointed to by  */
         /* mmapped thread stacks.  Make sure it's not collectable.      */
-- 
2.7.4