all calloc() implementations should check for overflow
We have a depressing number of calloc() implementations, only a subset of which check for integer overflow.
The remaining ones, aside from compatibility concerns or futility, should check too. These include mapmalloc, mtmalloc, libmalloc, and the rtld calloc.
Updated by Rich Lowe almost 6 years ago
This leaves libbc, which in general we leave exactly as broken as it always was, given its purpose, and libld_calloc (a macro which just does the multiplication) as not any more worth fixing than every other case where we do malloc(a * b) and don't check overflow -- worth it, but not necessarily worth it now, or piecemeal.
Updated by Electric Monk over 5 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
commit 31c6d826a7f7a4ee7d83c8e99f25d82a4a248076 Author: Richard Lowe <email@example.com> Date: 2014-07-19T23:07:30.000Z 4922 all calloc() implementations should check for overflow Reviewed by: Hans Rosenfeld <firstname.lastname@example.org> Reviewed by: Marcel Telka <email@example.com> Approved by: Dan McDonald <firstname.lastname@example.org>