From 4dce4206f0cafd0811f23aedc04a436aa9d145c1 Mon Sep 17 00:00:00 2001
From: deraadt <>
Date: Sun, 2 Sep 2007 15:19:18 +0000
Subject: use calloc() to avoid malloc(n * m) overflows; checked by djm canacar
 jsg

---
 src/lib/libc/string/bm.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/lib/libc/string/bm.c')

diff --git a/src/lib/libc/string/bm.c b/src/lib/libc/string/bm.c
index 829c24082e..2c4c6ca720 100644
--- a/src/lib/libc/string/bm.c
+++ b/src/lib/libc/string/bm.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: bm.c,v 1.6 2005/08/08 08:05:37 espie Exp $ */
+/*	$OpenBSD: bm.c,v 1.7 2007/09/02 15:19:18 deraadt Exp $ */
 /*-
  * Copyright (c) 1994
  *	The Regents of the University of California.  All rights reserved.
@@ -104,7 +104,7 @@ bm_comp(u_char const *pb, size_t len, u_char const *freq)
 		goto mem;
 	memcpy(pat->pat, pb, pat->patlen);
 						/* get skip delta */
-	if ((pat->delta = malloc(256 * sizeof(*d))) == NULL)
+	if ((pat->delta = calloc(256, sizeof(*d))) == NULL)
 		goto mem;
 	for (j = 0, d = pat->delta; j < 256; j++)
 		d[j] = pat->patlen;
-- 
cgit v1.2.3-55-g6feb