From ccc045738228a1c3424fa0f8216bcef12ed67a50 Mon Sep 17 00:00:00 2001
From: Doug Hogan
Date: Sat, 11 Oct 2014 04:07:40 +0000
Subject: Userland reallocarray() audit. Avoid potential integer overflow in the size argument of malloc() and realloc() by using reallocarray() to avoid unchecked multiplication. ok deraadt@
---
 lib/libevent/select.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/libevent/select.c b/lib/libevent/select.c
index b87dcf929dd..d2dd535344a 100644
--- a/lib/libevent/select.c
+++ b/lib/libevent/select.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: select.c,v 1.17 2013/08/24 10:46:48 dlg Exp $ */
+/* $OpenBSD: select.c,v 1.18 2014/10/11 04:07:39 doug Exp $ */
 /*
 * Copyright 2000-2002 Niels Provos
@@ -233,12 +233,12 @@ select_resize(struct selectop *sop, int fdsz)
 if ((writeset_out = realloc(sop->event_writeset_out, fdsz)) == NULL)
 goto error;
 sop->event_writeset_out = writeset_out;
- if ((r_by_fd = realloc(sop->event_r_by_fd,
- n_events*sizeof(struct event*))) == NULL)
+ if ((r_by_fd = reallocarray(sop->event_r_by_fd, n_events,
+ sizeof(struct event *))) == NULL)
 goto error;
 sop->event_r_by_fd = r_by_fd;
- if ((w_by_fd = realloc(sop->event_w_by_fd,
- n_events * sizeof(struct event*))) == NULL)
+ if ((w_by_fd = reallocarray(sop->event_w_by_fd, n_events,
+ sizeof(struct event *))) == NULL)
 goto error;
 sop->event_w_by_fd = w_by_fd;
--
cgit v1.2.3
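Review bot: In the `select_resize` hunk, a failing `reallocarray()` reaches `goto error` after `sop->event_writeset_out` (and, for the second call, `sop->event_r_by_fd`) has already been replaced with the grown buffer, so `sop` is left half-resized. That is safe only if the size recorded in `sop` is updated after every reallocation has succeeded; this happens outside the hunk, as the function starts and ends beyond it, and should be confirmed. A comment before the first call would pin the invariant, e.g. `/* buffers may grow one by one; the recorded sizes must only change after all reallocations succeed */`. Separately, `n_events` is declared outside the hunk and presumably derived from the `int fdsz` parameter; a negative value would convert to a very large `size_t` and be rejected by the overflow check, but a one-line comment stating that it is expected to be non-negative would make the conversion deliberate.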