commit | 292650f04c2b5348b4efbad61fb014ed09b4f3f2 | [log] [tgz] |
---|---|---|
author | Ben Hutchings <ben@decadent.org.uk> | Wed Apr 28 04:29:50 2021 +0200 |
committer | Ben Hutchings <ben@decadent.org.uk> | Thu Apr 29 16:02:20 2021 +0200 |
tree | d7fa3f8844d87766943104120b39da471d4d9be0 | |
parent | a31ae8c508fc8d1bca4f57e9f9f88127572d5202 [diff] |
[klibc] calloc: Fail if multiplication overflows calloc() multiplies its 2 arguments together and passes the result to malloc(). Since the factors and product both have type size_t, this can result in an integer overflow and subsequent buffer overflow. Check for this and fail if it happens. CVE-2021-31870 Signed-off-by: Ben Hutchings <ben@decadent.org.uk>