Security-58286.20.16.tar.gz

[apple/security.git] / OSX / libsecurity_utilities / lib / alloc.h

diff --git a/OSX/libsecurity_utilities/lib/alloc.h b/OSX/libsecurity_utilities/lib/alloc.h
index 83403e01cfb04d5fdd2d24e3ce55a4652153b218..411b58cb9353d1633f78d5b74888c7dbdd2d6dd8 100644 (file)
--- a/OSX/libsecurity_utilities/lib/alloc.h
+++ b/OSX/libsecurity_utilities/lib/alloc.h
@@ -74,8 +74,13 @@ public:
        // All right, if you *really* have to have calloc...
        void *calloc(size_t size, size_t count) throw(std::bad_alloc)
        {
-               void *addr = malloc(size * count);
-               memset(addr, 0, size * count);
+        size_t bytes = 0;
+        if(__builtin_mul_overflow(size, count, &bytes)) {
+            // Multiplication overflowed.
+            throw std::bad_alloc();
+        }
+               void *addr = malloc(bytes);
+               memset(addr, 0, bytes);
                return addr;
        }