reftable/basics: handle allocation failures in `reftable_calloc()`

Handle allocation failures in `reftable_calloc()`.

While at it, remove our use of `st_mult()` that would cause us to die on
an overflow. From the caller's point of view there is not much of a
difference between arguments that are too large to be multiplied and a
request that is too big to handle by the allocator: in both cases the
allocation cannot be fulfilled. And in neither of these cases do we want
the reftable library to die.

While we could use `unsigned_mult_overflows()` to handle the overflow
gracefully, we instead open-code it to further our goal of converting
the reftable codebase to become a standalone library that can be reused
by external projects.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/reftable/basics.c b/reftable/basics.c
index 4adc98cf5ded5626e4b79caf724bb543fe841808..3350bbffa2384df17f6bea3f60d042e2c283cafa 100644 (file)
--- a/reftable/basics.c
+++ b/reftable/basics.c
@@ -37,9 +37,16 @@ void reftable_free(void *p)
 
 void *reftable_calloc(size_t nelem, size_t elsize)
 {
-       size_t sz = st_mult(nelem, elsize);
-       void *p = reftable_malloc(sz);
-       memset(p, 0, sz);
+       void *p;
+
+       if (nelem && elsize > SIZE_MAX / nelem)
+               return NULL;
+
+       p = reftable_malloc(nelem * elsize);
+       if (!p)
+               return NULL;
+
+       memset(p, 0, nelem * elsize);
        return p;
 }