Re: [PATCH] ALSA: Remove subsystem-specific malloc (1/8)

[Arjan van de Ven]

On Wed, Jun 09, 2004 at 11:57:43PM +0300, Pekka Enberg wrote:
> On Wed, 2004-06-09 at 23:21, Arjan van de Ven wrote:
> > how about making sure n*size doesn't overflow an int in this function?
> > We had a few security holes due to that happening a while ago; might as
> > well prevent it from happening entirely
> 
> Sure.
> 
> 		Pekka
> 
> diff -urN linux-2.6.6/include/linux/slab.h kcalloc-2.6.6/include/linux/slab.h
> --- linux-2.6.6/include/linux/slab.h	2004-06-09 22:56:11.874249056 +0300
> +++ kcalloc-2.6.6/include/linux/slab.h	2004-06-09 23:03:10.597593432 +0300
> @@ -95,6 +95,7 @@
>  	return __kmalloc(size, flags);
>  }
>  
> +extern void *kcalloc(size_t, size_t, int);
>  extern void kfree(const void *);
>  extern unsigned int ksize(const void *);
>  
> diff -urN linux-2.6.6/mm/slab.c kcalloc-2.6.6/mm/slab.c
> --- linux-2.6.6/mm/slab.c	2004-06-09 22:59:13.081701336 +0300
> +++ kcalloc-2.6.6/mm/slab.c	2004-06-09 23:50:06.592497136 +0300
> @@ -2332,6 +2332,25 @@
>  EXPORT_SYMBOL(kmem_cache_free);
>  
>  /**
> + * kcalloc - allocate memory for an array. The memory is set to zero.
> + * @n: number of elements.
> + * @size: element size.
> + * @flags: the type of memory to allocate.
> + */
> +void *kcalloc(size_t n, size_t size, int flags)
> +{
> +	if (n != 0 && size > INT_MAX / n)
> +		return NULL;
> +
> +	void *ret = kmalloc(n * size, flags);
> +	if (ret)
> +		memset(ret, 0, n * size);
> +	return ret;
> +}

ok I like it ;)

only question is what n==0 means, might as well short-circuit that but it's
optional

Attachment: pgp00000.pgp
Description: PGP signature