[PATCH] xdr_array and calloc security fix

Wolfram Gloger wmglo@dent.med.uni-muenchen.de
Fri Aug 2 02:29:00 GMT 2002


Hi,

> +  /* size_t is unsigned so the behavior on overflow is defined.  */
> +  bytes = n * elem_size;
> +  if (bytes / elem_size != n) {
> +    MALLOC_FAILURE_ACTION;
> +    return 0;
> +  }
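Review bot: in `if (bytes / elem_size != n)` the division has no guard against elem_size == 0 in the lines shown. calloc(n, 0) is a legal call and would divide by zero here unless a check outside this hunk returns first. Suggest testing `elem_size != 0 &&` ahead of the division. The comment could also state that the wrap is detected by dividing the product back, since "behavior on overflow is defined" alone does not say why the comparison catches it.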

This is of course correct, but some (long) time ago I measured that
the cost of the division is quite noticeable for, say, the very
common calloc(1, small_size).

I've given up on being able to do this fast _and_ portably.

Do we already have some system-specific mechanism to detect the rare
overflow case for a 32-bit multiplication without having to perform a
division?

Regards,
Wolfram.
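The trade-off raised in this message, as an added example (not code from the patch, from glibc, or from the poster): the division-back check beside a variant that only divides when an operand is at least 2^(bits/2), so calloc(1, small_size) never reaches the division. The function names, `HALF_LIMIT` and the sample inputs are constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 2^(bits/2): two values both below this have a product below 2^bits. */
#define HALF_LIMIT ((size_t)1 << (sizeof(size_t) * CHAR_BIT / 2))

/* Division-back check, same idea as the quoted hunk, always divides.
   Returns 1 if n * elem_size wrapped, 0 otherwise. */
static int mul_overflows_div(size_t n, size_t elem_size, size_t *bytes)
{
    *bytes = n * elem_size;               /* unsigned: wraps modulo 2^bits */
    return elem_size != 0 && *bytes / elem_size != n;
}

/* Same result, but the division runs only when an operand is large. */
static int mul_overflows_fast(size_t n, size_t elem_size, size_t *bytes)
{
    *bytes = n * elem_size;
    if ((n | elem_size) < HALF_LIMIT)     /* common case: cannot wrap */
        return 0;
    return elem_size != 0 && *bytes / elem_size != n;
}

/* Counts inputs on which the two checks differ (expected: none). */
static int disagreements(void)
{
    /* Constructed sample inputs, including the boundary cases. */
    static const size_t s[][2] = {
        {1, 16}, {0, 0}, {SIZE_MAX, 0}, {SIZE_MAX, 1}, {SIZE_MAX, 2},
        {3, SIZE_MAX / 2}, {HALF_LIMIT, HALF_LIMIT},
        {HALF_LIMIT - 1, HALF_LIMIT - 1}, {HALF_LIMIT, HALF_LIMIT - 1},
    };
    int bad = 0;
    size_t a, b;
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        if (mul_overflows_div(s[i][0], s[i][1], &a) !=
            mul_overflows_fast(s[i][0], s[i][1], &b) || a != b)
            bad++;
    return bad;
}

int main(void)
{
    size_t bytes;
    printf("SIZE_MAX * 2 wraps: %d\n", mul_overflows_fast(SIZE_MAX, 2, &bytes));
    printf("disagreements: %d\n", disagreements());
    return 0;
}
```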


