Security-59306.120.7.tar.gz

[apple/security.git] / OSX / libsecurity_cdsa_utilities / lib / cssmalloc.cpp

diff --git a/OSX/libsecurity_cdsa_utilities/lib/cssmalloc.cpp b/OSX/libsecurity_cdsa_utilities/lib/cssmalloc.cpp
index b2a476722c384a0006d0e59d32a5e346233ffd66..63d262b28d2170751c5137f0a19d0acf6263fbfd 100644 (file)
--- a/OSX/libsecurity_cdsa_utilities/lib/cssmalloc.cpp
+++ b/OSX/libsecurity_cdsa_utilities/lib/cssmalloc.cpp
@@ -30,6 +30,7 @@
 #include <security_cdsa_utilities/cssmalloc.h>
 #include <stdlib.h>
 #include <errno.h>
+#include <os/overflow.h>
 
 
 
@@ -73,8 +74,12 @@ void *CssmAllocatorMemoryFunctions::relayRealloc(void *mem, size_t size, void *r
 void *CssmAllocatorMemoryFunctions::relayCalloc(uint32 count, size_t size, void *ref) throw(std::bad_alloc)
 {
        // Allocator doesn't have a calloc() method
-       void *mem = allocator(ref).malloc(size * count);
-       memset(mem, 0, size * count);
+       size_t alloc_size = 0;
+       if (os_mul_overflow(count, size, &alloc_size)) {
+               return NULL;
+       }
+       void *mem = allocator(ref).malloc(alloc_size);
+       memset(mem, 0, alloc_size);
        return mem;
 }