summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDoug Hogan <doug@cvs.openbsd.org>2014-10-11 03:58:12 +0000
committerDoug Hogan <doug@cvs.openbsd.org>2014-10-11 03:58:12 +0000
commit73d2083c43566cfbd9623d21e2ce619b7332e782 (patch)
tree2f368d4f211527f3bd5c37cae1d7dd86c0d4aef9
parentda522bbd0cd76669a8ca98745cc046b3776c2928 (diff)
Userland reallocarray() audit.
Avoid potential integer overflow in the size argument of malloc() and realloc() by using reallocarray() to avoid unchecked multiplication. ok deraadt@
-rw-r--r--games/boggle/boggle/bog.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/games/boggle/boggle/bog.c b/games/boggle/boggle/bog.c
index 52a399c5291..13d489d3e7d 100644
--- a/games/boggle/boggle/bog.c
+++ b/games/boggle/boggle/bog.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bog.c,v 1.22 2013/08/18 16:32:24 guenther Exp $ */
+/* $OpenBSD: bog.c,v 1.23 2014/10/11 03:58:11 doug Exp $ */
/* $NetBSD: bog.c,v 1.5 1995/04/24 12:22:32 cgd Exp $ */
/*-
@@ -327,8 +327,8 @@ playgame(void)
if (npwords == maxpwords - 1) {
maxpwords += MAXPWORDS;
- pword = realloc(pword,
- maxpwords * sizeof(char *));
+ pword = reallocarray(pword, maxpwords,
+ sizeof(char *));
if (pword == NULL) {
cleanup();
errx(1, "%s", strerror(ENOMEM));
@@ -555,7 +555,7 @@ checkdict(void)
continue;
if (nmwords == maxmwords - 1) {
maxmwords += MAXMWORDS;
- mword = realloc(mword, maxmwords * sizeof(char *));
+ mword = reallocarray(mword, maxmwords, sizeof(char *));
if (mword == NULL) {
cleanup();
errx(1, "%s", strerror(ENOMEM));