Patchwork D1904: bdiff: Handle the possibility of integer overflow when computing allocation size

login
register
mail settings
Submitter phabricator
Date Jan. 18, 2018, 2:43 p.m.
Message ID <differential-rev-PHID-DREV-7taer6juw736lhiqicsa-req@phab.mercurial-scm.org>
Download mbox | patch
Permalink /patch/26903/
State Superseded
Headers show

Comments

phabricator - Jan. 18, 2018, 2:43 p.m.
alex_gaynor created this revision.
alex_gaynor added a reviewer: durin42.
Herald added a subscriber: mercurial-devel.
Herald added a reviewer: hg-reviewers.

REPOSITORY
  rHG Mercurial

BRANCH
  malloc-overflow (bookmark) on default (branch)

REVISION DETAIL
  https://phab.mercurial-scm.org/D1904

AFFECTED FILES
  mercurial/bdiff.c

CHANGE DETAILS




To: alex_gaynor, durin42, #hg-reviewers
Cc: mercurial-devel

Patch

diff --git a/mercurial/bdiff.c b/mercurial/bdiff.c
--- a/mercurial/bdiff.c
+++ b/mercurial/bdiff.c
@@ -95,7 +95,7 @@ 
 
 	/* try to allocate a large hash table to avoid collisions */
 	for (scale = 4; scale; scale /= 2) {
-		h = (struct pos *)malloc(scale * buckets * sizeof(struct pos));
+		h = (struct pos *)calloc(buckets, scale * sizeof(struct pos));
 		if (h)
 			break;
 	}