From: <zu...@us...> - 2015-03-02 22:32:13
Revision: 5127 http://sourceforge.net/p/fuse-emulator/code/5127 Author: zubzero Date: 2015-03-02 22:32:05 +0000 (Mon, 02 Mar 2015) Log Message: ----------- Check for overflow in libspectrum_calloc() Modified Paths: -------------- trunk/libspectrum/hacking/ChangeLog trunk/libspectrum/memory.c Modified: trunk/libspectrum/hacking/ChangeLog =================================================================== --- trunk/libspectrum/hacking/ChangeLog 2015-03-02 21:12:30 UTC (rev 5126) +++ trunk/libspectrum/hacking/ChangeLog 2015-03-02 22:32:05 UTC (rev 5127) @@ -985,3 +985,4 @@ tzx_read.c,tzx_write.c,warajevo_read.c,wav.c,z80.c,z80em.c,zlib.c, zxs.c: use libspectrum_{new,new0,renew}() macros where sizeof(elem) == 1 (Stuart). +20150302 memory.c: check for overflow in libspectrum_calloc() (Stuart). Modified: trunk/libspectrum/memory.c =================================================================== --- trunk/libspectrum/memory.c 2015-03-02 21:12:30 UTC (rev 5126) +++ trunk/libspectrum/memory.c 2015-03-02 22:32:05 UTC (rev 5127) @@ -48,8 +48,12 @@ void* libspectrum_calloc( size_t nmemb, size_t size ) { - void *ptr = libspectrum_calloc_fn( nmemb, size ); + void *ptr; + if( nmemb > SIZE_MAX / size ) abort(); + + ptr = libspectrum_calloc_fn( nmemb, size ); + /* If nmemb * size == 0, acceptable to return NULL */ if( ( nmemb * size ) && !ptr ) abort(); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
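Review bot: In the memory.c hunk, the new guard `if( nmemb > SIZE_MAX / size ) abort();` divides by `size` before anything has checked it for zero. A call such as libspectrum_calloc( n, 0 ) therefore hits a division by zero (undefined behaviour) instead of reaching the case the existing comment describes, where nmemb * size == 0 may legitimately return NULL. Suggest guarding the division, for example `if( size && nmemb > SIZE_MAX / size ) abort();`. SIZE_MAX comes from <stdint.h> and this hunk adds no include, so it is worth confirming that memory.c already pulls it in on every supported platform.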