use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsg

4 files changed, 11 insertions, 11 deletions

diff --git a/bin/df/df.c b/bin/df/df.c
index acbeb334a6d..9c9c08b562e 100644
--- a/bin/df/df.c
+++ b/bin/df/df.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: df.c,v 1.46 2006/10/29 19:20:01 otto Exp $	*/
+/*	$OpenBSD: df.c,v 1.47 2007/09/02 15:19:07 deraadt Exp $	*/
 /*	$NetBSD: df.c,v 1.21.2.1 1995/11/01 00:06:11 jtc Exp $	*/
 
 /*
@@ -45,7 +45,7 @@ static char copyright[] =
 #if 0
 static char sccsid[] = "@(#)df.c	8.7 (Berkeley) 4/2/94";
 #else
-static char rcsid[] = "$OpenBSD: df.c,v 1.46 2006/10/29 19:20:01 otto Exp $";
+static char rcsid[] = "$OpenBSD: df.c,v 1.47 2007/09/02 15:19:07 deraadt Exp $";
 #endif
 #endif /* not lint */
 
@@ -248,7 +248,7 @@ maketypelist(char *fslist)
 		++nextcp;
 
 	/* Build an array of that many types. */
-	if ((av = typelist = malloc((i + 1) * sizeof(char *))) == NULL)
+	if ((av = typelist = calloc(i + 1, sizeof(char *))) == NULL)
 		err(1, NULL);
 	av[0] = fslist;
 	for (i = 1, nextcp = fslist; (nextcp = strchr(nextcp, ',')) != NULL; i++) {
diff --git a/bin/ed/undo.c b/bin/ed/undo.c
index 473dd41e404..c01dc191ee1 100644
--- a/bin/ed/undo.c
+++ b/bin/ed/undo.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: undo.c,v 1.8 2003/06/11 23:42:12 deraadt Exp $	*/
+/*	$OpenBSD: undo.c,v 1.9 2007/09/02 15:19:07 deraadt Exp $	*/
 /*	$NetBSD: undo.c,v 1.2 1995/03/21 09:04:52 cgd Exp $	*/
 
 /* undo.c: This file contains the undo routines for the ed line editor */
@@ -32,7 +32,7 @@
 #if 0
 static char *rcsid = "@(#)undo.c,v 1.1 1994/02/01 00:34:44 alm Exp";
 #else
-static char rcsid[] = "$OpenBSD: undo.c,v 1.8 2003/06/11 23:42:12 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: undo.c,v 1.9 2007/09/02 15:19:07 deraadt Exp $";
 #endif
 #endif /* not lint */
 
@@ -52,7 +52,7 @@ push_undo_stack(int type, int from, int to)
 
 #if defined(sun) || defined(NO_REALLOC_NULL)
 	if (ustack == NULL &&
-	    (ustack = (undo_t *) malloc((usize = USIZE) * sizeof(undo_t))) == NULL) {
+	    (ustack = (undo_t *) calloc((usize = USIZE), sizeof(undo_t))) == NULL) {
 		perror(NULL);
 		seterrmsg("out of memory");
 		return NULL;
diff --git a/bin/pax/tables.c b/bin/pax/tables.c
index 2705b319c33..e428051c3da 100644
--- a/bin/pax/tables.c
+++ b/bin/pax/tables.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tables.c,v 1.24 2006/11/17 08:38:04 otto Exp $	*/
+/*	$OpenBSD: tables.c,v 1.25 2007/09/02 15:19:08 deraadt Exp $	*/
 /*	$NetBSD: tables.c,v 1.4 1995/03/21 09:07:45 cgd Exp $	*/
 
 /*-
@@ -38,7 +38,7 @@
 #if 0
 static const char sccsid[] = "@(#)tables.c	8.1 (Berkeley) 5/31/93";
 #else
-static const char rcsid[] = "$OpenBSD: tables.c,v 1.24 2006/11/17 08:38:04 otto Exp $";
+static const char rcsid[] = "$OpenBSD: tables.c,v 1.25 2007/09/02 15:19:08 deraadt Exp $";
 #endif
 #endif /* not lint */
 
@@ -1102,7 +1102,7 @@ dir_start(void)
 		return(0);
 
 	dirsize = DIRP_SIZE;
-	if ((dirp = malloc(dirsize * sizeof(DIRDATA))) == NULL) {
+	if ((dirp = calloc(dirsize, sizeof(DIRDATA))) == NULL) {
 		paxwarn(1, "Unable to allocate memory for directory times");
 		return(-1);
 	}
diff --git a/bin/systrace/systrace.c b/bin/systrace/systrace.c
index 37a52712f5c..8e2045c564a 100644
--- a/bin/systrace/systrace.c
+++ b/bin/systrace/systrace.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: systrace.c,v 1.54 2006/07/02 12:34:15 sturm Exp $	*/
+/*	$OpenBSD: systrace.c,v 1.55 2007/09/02 15:19:08 deraadt Exp $	*/
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * All rights reserved.
@@ -754,7 +754,7 @@ main(int argc, char **argv)
 
 	if (pidattach == 0) {
 		/* Run a command and attach to it */
-		if ((args = malloc((argc + 1) * sizeof(char *))) == NULL)
+		if ((args = calloc(argc + 1, sizeof(char *))) == NULL)
 			err(1, "malloc");
 
 		for (i = 0; i < argc; i++)