From 73d2083c43566cfbd9623d21e2ce619b7332e782 Mon Sep 17 00:00:00 2001 From: Doug Hogan Date: Sat, 11 Oct 2014 03:58:12 +0000 Subject: Userland reallocarray() audit. Avoid potential integer overflow in the size argument of malloc() and realloc() by using reallocarray() to avoid unchecked multiplication. ok deraadt@ --- games/boggle/boggle/bog.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/games/boggle/boggle/bog.c b/games/boggle/boggle/bog.c index 52a399c5291..13d489d3e7d 100644 --- a/games/boggle/boggle/bog.c +++ b/games/boggle/boggle/bog.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bog.c,v 1.22 2013/08/18 16:32:24 guenther Exp $ */ +/* $OpenBSD: bog.c,v 1.23 2014/10/11 03:58:11 doug Exp $ */ /* $NetBSD: bog.c,v 1.5 1995/04/24 12:22:32 cgd Exp $ */ /*- @@ -327,8 +327,8 @@ playgame(void) if (npwords == maxpwords - 1) { maxpwords += MAXPWORDS; - pword = realloc(pword, - maxpwords * sizeof(char *)); + pword = reallocarray(pword, maxpwords, + sizeof(char *)); if (pword == NULL) { cleanup(); errx(1, "%s", strerror(ENOMEM)); @@ -555,7 +555,7 @@ checkdict(void) continue; if (nmwords == maxmwords - 1) { maxmwords += MAXMWORDS; - mword = realloc(mword, maxmwords * sizeof(char *)); + mword = reallocarray(mword, maxmwords, sizeof(char *)); if (mword == NULL) { cleanup(); errx(1, "%s", strerror(ENOMEM)); -- cgit v1.2.3