From 4dce4206f0cafd0811f23aedc04a436aa9d145c1 Mon Sep 17 00:00:00 2001
From: deraadt <>
Date: Sun, 2 Sep 2007 15:19:18 +0000
Subject: use calloc() to avoid malloc(n * m) overflows; checked by djm canacar
 jsg

---
 src/lib/libc/stdlib/hcreate.c   | 4 ++--
 src/lib/libc/stdlib/radixsort.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

(limited to 'src/lib/libc/stdlib')

diff --git a/src/lib/libc/stdlib/hcreate.c b/src/lib/libc/stdlib/hcreate.c
index f8df1bcd7c..094f32c173 100644
--- a/src/lib/libc/stdlib/hcreate.c
+++ b/src/lib/libc/stdlib/hcreate.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: hcreate.c,v 1.3 2005/10/10 17:37:44 espie Exp $	*/
+/*	$OpenBSD: hcreate.c,v 1.4 2007/09/02 15:19:17 deraadt Exp $	*/
 /*	$NetBSD: hcreate.c,v 1.5 2004/04/23 02:48:12 simonb Exp $	*/
 
 /*
@@ -117,7 +117,7 @@ hcreate(size_t nel)
 	
 	/* Allocate the table. */
 	htablesize = nel;
-	htable = malloc(htablesize * sizeof htable[0]);
+	htable = calloc(htablesize, sizeof htable[0]);
 	if (htable == NULL) {
 		errno = ENOMEM;
 		return 0;
diff --git a/src/lib/libc/stdlib/radixsort.c b/src/lib/libc/stdlib/radixsort.c
index 0b2ff27044..49d03b52d5 100644
--- a/src/lib/libc/stdlib/radixsort.c
+++ b/src/lib/libc/stdlib/radixsort.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: radixsort.c,v 1.8 2005/08/08 08:05:37 espie Exp $ */
+/*	$OpenBSD: radixsort.c,v 1.9 2007/09/02 15:19:17 deraadt Exp $ */
 /*-
  * Copyright (c) 1990, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -104,7 +104,7 @@ sradixsort(const u_char **a, int n, const u_char *tab, u_int endch)
 	if (n < THRESHOLD)
 		simplesort(a, n, 0, tr, endch);
 	else {
-		if ((ta = malloc(n * sizeof(a))) == NULL)
+		if ((ta = calloc(n, sizeof(a))) == NULL)
 			return (-1);
 		r_sort_b(a, ta, n, 0, tr, endch);
 		free(ta);
-- 
cgit v1.2.3-55-g6feb