[PATCH] xdr_array and calloc security fix
Wolfram Gloger
wmglo@dent.med.uni-muenchen.de
Fri Aug 2 02:29:00 GMT 2002
Hi,
> + /* size_t is unsigned so the behavior on overflow is defined. */
> + bytes = n * elem_size;
> + if (bytes / elem_size != n) {
> + MALLOC_FAILURE_ACTION;
> + return 0;
> + }
This is of course correct, but some (long) time ago I've measured that
the cost for the division is quite noticeable, for say, the very
common calloc(1, small_size).
I've given up on being able to do this fast _and_ portably.
Do we already have some system-specific mechanism to detect the rare
overflow case for a 32bit-multiplication without having to perform a
division?
Regards,
Wolfram.
More information about the Libc-hacker
mailing list