-
Committer:
Ben Hutchings
-
Date:
2021-04-29 14:02:20 UTC
-
Revision ID:
git-v1:292650f04c2b5348b4efbad61fb014ed09b4f3f2
[klibc] calloc: Fail if multiplication overflows
calloc() multiplies its 2 arguments together and passes the result to
malloc(). Since the factors and product both have type size_t, this
can result in an integer overflow and subsequent buffer overflow.
Check for this and fail if it happens.
CVE-2021-31870
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>