From ecc89e4e42c0eda41de5a37d9d0614d0846e3a3e Mon Sep 17 00:00:00 2001 From: Carl Worth Date: Wed, 3 Sep 2014 14:33:18 -0700 Subject: [PATCH] egl: Restrict multiplication in calloc arguments to use compile-time constants As explained in the previous commit, we want to avoid the possibility of integer-multiplication overflow while allocating buffers. In these two cases, the final allocation size is the product of three values: one variable and two that are fixed constants at compile time. In this commit, we move the explicit multiplication to involve only the compile-time constants, preventing any overflow from that multiplication, (and allowing calloc to catch any potential overflow from the remainining implicit multiplication). Reviewed-by: Matt Turner --- src/egl/drivers/dri2/platform_drm.c | 2 +- src/egl/drivers/dri2/platform_wayland.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/egl/drivers/dri2/platform_drm.c b/src/egl/drivers/dri2/platform_drm.c index e272beb943e..70bd7d4827c 100644 --- a/src/egl/drivers/dri2/platform_drm.c +++ b/src/egl/drivers/dri2/platform_drm.c @@ -352,7 +352,7 @@ dri2_drm_get_buffers(__DRIdrawable * driDrawable, const unsigned int format = 32; int i; - attachments_with_format = calloc(count * 2, sizeof(unsigned int)); + attachments_with_format = calloc(count, 2 * sizeof(unsigned int)); if (!attachments_with_format) { *out_count = 0; return NULL; diff --git a/src/egl/drivers/dri2/platform_wayland.c b/src/egl/drivers/dri2/platform_wayland.c index 537d26e97b7..59b27922056 100644 --- a/src/egl/drivers/dri2/platform_wayland.c +++ b/src/egl/drivers/dri2/platform_wayland.c @@ -468,7 +468,7 @@ dri2_wl_get_buffers(__DRIdrawable * driDrawable, const unsigned int format = 32; int i; - attachments_with_format = calloc(count * 2, sizeof(unsigned int)); + attachments_with_format = calloc(count, 2 * sizeof(unsigned int)); if (!attachments_with_format) { *out_count = 0; return NULL; -- 2.30.2