From 6ebd04219f0d749c87a763e8afb578dfcd5223cc Mon Sep 17 00:00:00 2001
From: Theo de Raadt <deraadt@cvs.openbsd.org>
Date: Sun, 2 Sep 2007 15:19:41 +0000
Subject: use calloc() to avoid malloc(n * m) overflows; checked by djm canacar
 jsg

---
 usr.sbin/memconfig/memconfig.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'usr.sbin/memconfig')

diff --git a/usr.sbin/memconfig/memconfig.c b/usr.sbin/memconfig/memconfig.c
index 27ac18c07de..12b6ebdea3e 100644
--- a/usr.sbin/memconfig/memconfig.c
+++ b/usr.sbin/memconfig/memconfig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: memconfig.c,v 1.11 2006/03/14 19:23:16 moritz Exp $ */
+/* $OpenBSD: memconfig.c,v 1.12 2007/09/02 15:19:39 deraadt Exp $ */
 
 /*-
  * Copyright (c) 1999 Michael Smith <msmith@freebsd.org>
@@ -134,7 +134,7 @@ mrgetall(int memfd, int *nmr)
 		err(1, "can't size range descriptor array");
 
 	*nmr = mro.mo_arg[0];
-	mrd = malloc(*nmr * sizeof(struct mem_range_desc));
+	mrd = calloc(*nmr, sizeof(struct mem_range_desc));
 	if (mrd == NULL)
 		errx(1, "can't allocate %zu bytes for %d range descriptors",
 		     *nmr * sizeof(struct mem_range_desc), *nmr);
-- 
cgit v1.2.3