convert 53 malloc(a*b) to reallocarray(NULL, a, b). that is 53

potential integer overflows easily changed into an allocation return
of NULL, with errno nicely set if need be.  checks for an allocations
returning NULL are commonplace, or if the object is dereferenced
(quite normal) will result in a nice fault which can be detected &
repaired properly.
ok tedu

2 files changed, 2 insertions, 2 deletions

diff --git a/src/lib/libcrypto/asn1/a_set.c b/src/lib/libcrypto/asn1/a_set.c
index 3aeb7e54ff..8101f7722d 100644
--- a/src/lib/libcrypto/asn1/a_set.c
+++ b/src/lib/libcrypto/asn1/a_set.c
@@ -121,7 +121,7 @@ i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp, i2d_of_void *i2d,
 
         pStart  = p;    /* Catch the beg of Setblobs*/
         /* In this array we will store the SET blobs */
-        rgSetBlob = malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB));
+        rgSetBlob = reallocarray(NULL, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB));
         if (rgSetBlob == NULL) {
                 ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
                 return 0;
diff --git a/src/lib/libcrypto/asn1/tasn_enc.c b/src/lib/libcrypto/asn1/tasn_enc.c
index f5fc8820f6..cfceabe5a9 100644
--- a/src/lib/libcrypto/asn1/tasn_enc.c
+++ b/src/lib/libcrypto/asn1/tasn_enc.c
@@ -435,7 +435,7 @@ asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, int skcontlen,
                 if (sk_ASN1_VALUE_num(sk) < 2)
                         do_sort = 0;
                 else {
-                        derlst = malloc(sk_ASN1_VALUE_num(sk) *
+                        derlst = reallocarray(NULL, sk_ASN1_VALUE_num(sk),
                             sizeof(*derlst));
                         tmpdat = malloc(skcontlen);
                         if (!derlst || !tmpdat) {