Add XNFcallocarray() to allow xnfcalloc() to check for overflow

The xnfcalloc() macro took two arguments but simply multiplied them together without checking for overflow and defeating any overflow checking that calloc() might have done. Let's not do that. The original XNFcalloc() function is left for now to preserve driver ABI, but is marked as deprecated so it can be removed in a future round of ABI break/cleanup. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Matt Turner <mattst88@gmail.com>
author: Alan Coopersmith <alan.coopersmith@oracle.com> 2015-03-21 15:21:14 -0700
committer: Alan Coopersmith <alan.coopersmith@oracle.com> 2015-04-21 16:57:07 -0700
commit: b96dc999968320ad6322b50c79d847efcfcd02b2 (patch)
tree: 6b5f1853a7b7c4fc4bd9387dbc3d5caf0b386368 /os
parent: f3ba909753cd216fc9eca4618a76cc283ccbf51e (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/os/utils.c b/os/utils.c
index 75769f17c..24a87516e 100644
--- a/os/utils.c
+++ b/os/utils.c
@@ -1128,10 +1128,20 @@ XNFalloc(unsigned long amount)
     return ptr;
 }
 
+/* The original XNFcalloc was used with the xnfcalloc macro which multiplied
+ * the arguments at the call site without allowing calloc to check for overflow.
+ * XNFcallocarray was added to fix that without breaking ABI.
+ */
 void *
 XNFcalloc(unsigned long amount)
 {
-    void *ret = calloc(1, amount);
+    return XNFcallocarray(1, amount);
+}
+
+void *
+XNFcallocarray(size_t nmemb, size_t size)
+{
+    void *ret = calloc(nmemb, size);
 
     if (!ret)
         FatalError("XNFcalloc: Out of memory");
author	Alan Coopersmith <alan.coopersmith@oracle.com>	2015-03-21 15:21:14 -0700
committer	Alan Coopersmith <alan.coopersmith@oracle.com>	2015-04-21 16:57:07 -0700
commit	b96dc999968320ad6322b50c79d847efcfcd02b2 (patch)
tree	6b5f1853a7b7c4fc4bd9387dbc3d5caf0b386368 /os
parent	f3ba909753cd216fc9eca4618a76cc283ccbf51e (diff)