From: Carl Worth Date: Wed, 3 Sep 2014 21:33:18 +0000 (-0700) Subject: egl: Restrict multiplication in calloc arguments to use compile-time constants X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=ecc89e4e42c0eda41de5a37d9d0614d0846e3a3e;p=mesa.git egl: Restrict multiplication in calloc arguments to use compile-time constants As explained in the previous commit, we want to avoid the possibility of integer-multiplication overflow while allocating buffers. In these two cases, the final allocation size is the product of three values: one variable and two that are fixed constants at compile time. In this commit, we move the explicit multiplication to involve only the compile-time constants, preventing any overflow from that multiplication, (and allowing calloc to catch any potential overflow from the remainining implicit multiplication). Reviewed-by: Matt Turner --- diff --git a/src/egl/drivers/dri2/platform_drm.c b/src/egl/drivers/dri2/platform_drm.c index e272beb943e..70bd7d4827c 100644 --- a/src/egl/drivers/dri2/platform_drm.c +++ b/src/egl/drivers/dri2/platform_drm.c @@ -352,7 +352,7 @@ dri2_drm_get_buffers(__DRIdrawable * driDrawable, const unsigned int format = 32; int i; - attachments_with_format = calloc(count * 2, sizeof(unsigned int)); + attachments_with_format = calloc(count, 2 * sizeof(unsigned int)); if (!attachments_with_format) { *out_count = 0; return NULL; diff --git a/src/egl/drivers/dri2/platform_wayland.c b/src/egl/drivers/dri2/platform_wayland.c index 537d26e97b7..59b27922056 100644 --- a/src/egl/drivers/dri2/platform_wayland.c +++ b/src/egl/drivers/dri2/platform_wayland.c @@ -468,7 +468,7 @@ dri2_wl_get_buffers(__DRIdrawable * driDrawable, const unsigned int format = 32; int i; - attachments_with_format = calloc(count * 2, sizeof(unsigned int)); + attachments_with_format = calloc(count, 2 * sizeof(unsigned int)); if (!attachments_with_format) { *out_count = 0; return NULL;