From febe690623d42ba66b12fe6cefdf0935dd5ae593 Mon Sep 17 00:00:00 2001
From: obarthel
Date: Sat, 8 Jul 2017 18:10:28 +0200
Subject: [PATCH] This got lost last year The missing calloc() overflow test never made it to the CVS or git repositories :-(
---
 library/stdlib_calloc.c | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/library/stdlib_calloc.c b/library/stdlib_calloc.c
index c347b6b..be3e70e 100644
--- a/library/stdlib_calloc.c
+++ b/library/stdlib_calloc.c
@@ -59,13 +59,25 @@ __calloc(size_t num_elements,size_t element_size,const char * file,int line)
 }
 #endif /* __MEM_DEBUG */
+ /* This might overflow. */
 total_size = num_elements * element_size;
-
- result = __malloc(total_size,file,line);
- if(result != NULL)
- memset(result,0,total_size);
+
+ /* No arithmetic overflow? */
+ if(total_size >= num_elements)
+ {
+ result = __malloc(total_size,file,line);
+ if(result != NULL)
+ memset(result,0,total_size);
+ else
+ SHOWMSG("memory allocation failure");
+ }
+ /* Multiplying the number and size of elements overflows
+ * the size_t range.
+ */
 else
- SHOWMSG("memory allocation failure");
+ {
+ D(("calloc(num_elements=%ld, element_size=%ld) overflow"));
+ }
 return(result);
 }
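Review bot: The new guard `if(total_size >= num_elements)` does not detect every wrap of `num_elements * element_size`, so an undersized buffer can still be allocated and returned as if it held the full array; with a 32-bit size_t, for instance, 0x10000 * 0x10001 wraps to 0x10000 and passes the test (constructed example). It also treats `element_size == 0` with a non-zero count as an overflow. A division-based test made before the multiplication covers both cases: `if(element_size == 0 || num_elements <= SIZE_MAX / element_size)` (or `(size_t)-1` in place of SIZE_MAX if that macro is not available in this tree). In the overflow branch the `D((...))` format has two `%ld` conversions but passes no arguments, which is undefined in debug builds if D is printf-style as it appears to be; `D(("calloc(num_elements=%lu, element_size=%lu) overflow",(unsigned long)num_elements,(unsigned long)element_size));` would fix that. __calloc starts above the hunk, so whether `result` is initialised to NULL for the new else path cannot be confirmed from here.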