diff options
author | Doug Hogan <doug@cvs.openbsd.org> | 2014-10-11 03:58:12 +0000 |
---|---|---|
committer | Doug Hogan <doug@cvs.openbsd.org> | 2014-10-11 03:58:12 +0000 |
commit | 73d2083c43566cfbd9623d21e2ce619b7332e782 (patch) | |
tree | 2f368d4f211527f3bd5c37cae1d7dd86c0d4aef9 | |
parent | da522bbd0cd76669a8ca98745cc046b3776c2928 (diff) |
Userland reallocarray() audit.
Avoid potential integer overflow in the size argument of malloc() and
realloc() by using reallocarray() to avoid unchecked multiplication.
ok deraadt@
-rw-r--r-- | games/boggle/boggle/bog.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/games/boggle/boggle/bog.c b/games/boggle/boggle/bog.c index 52a399c5291..13d489d3e7d 100644 --- a/games/boggle/boggle/bog.c +++ b/games/boggle/boggle/bog.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bog.c,v 1.22 2013/08/18 16:32:24 guenther Exp $ */ +/* $OpenBSD: bog.c,v 1.23 2014/10/11 03:58:11 doug Exp $ */ /* $NetBSD: bog.c,v 1.5 1995/04/24 12:22:32 cgd Exp $ */ /*- @@ -327,8 +327,8 @@ playgame(void) if (npwords == maxpwords - 1) { maxpwords += MAXPWORDS; - pword = realloc(pword, - maxpwords * sizeof(char *)); + pword = reallocarray(pword, maxpwords, + sizeof(char *)); if (pword == NULL) { cleanup(); errx(1, "%s", strerror(ENOMEM)); @@ -555,7 +555,7 @@ checkdict(void) continue; if (nmwords == maxmwords - 1) { maxmwords += MAXMWORDS; - mword = realloc(mword, maxmwords * sizeof(char *)); + mword = reallocarray(mword, maxmwords, sizeof(char *)); if (mword == NULL) { cleanup(); errx(1, "%s", strerror(ENOMEM)); |