From: Timo Sirainen
Date: Mon, 12 Dec 2016 02:55:47 +0000 (+0200)
Subject: lib: *_new(): Use the new MALLOC_MULTIPLY() macro to avoid overflows
X-Git-Tag: 2.3.0.rc1~2412
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7e90e9424489b06ebe17a019f56eb3624ca091b2;p=thirdparty%2Fdovecot%2Fcore.git
lib: *_new(): Use the new MALLOC_MULTIPLY() macro to avoid overflows
Cast the sizeof() result to unsigned int, because it's definitely always enough and in many cases this allows optimizing away the wrap-check.
---
diff --git a/src/lib/data-stack.h b/src/lib/data-stack.h
index 72b5244ea1..da8791ef3c 100644
--- a/src/lib/data-stack.h
+++ b/src/lib/data-stack.h
@@ -92,7 +92,8 @@ bool t_try_realloc(void *mem, size_t size);
 size_t t_get_bytes_available(void) ATTR_PURE;
 #define t_new(type, count) \
- ((type *) t_malloc0(sizeof(type) * (count)))
+ ((type *) t_malloc0(MALLOC_MULTIPLY((unsigned int)sizeof(type), (count))) + \
+ COMPILE_ERROR_IF_TRUE(sizeof(type) > UINT_MAX))
 /* Returns pointer to a temporary buffer you can use. The buffer will be invalid as soon as next t_malloc() is called!
diff --git a/src/lib/mempool.h b/src/lib/mempool.h
index 7fc52359d3..c796a0a9e0 100644
--- a/src/lib/mempool.h
+++ b/src/lib/mempool.h
@@ -69,7 +69,8 @@ pool_t pool_datastack_create(void);
 size_t pool_get_exp_grown_size(pool_t pool, size_t old_size, size_t min_size);
 #define p_new(pool, type, count) \
- ((type *) p_malloc(pool, sizeof(type) * (count)))
+ ((type *) p_malloc(pool, MALLOC_MULTIPLY((unsigned int)sizeof(type), (count))) + \
+ COMPILE_ERROR_IF_TRUE(sizeof(type) > UINT_MAX))
 static inline void * ATTR_MALLOC ATTR_RETURNS_NONNULL p_malloc(pool_t pool, size_t size) {
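Review bot: In the new `t_new` only the `sizeof(type)` operand is narrowed and range-checked at compile time; `count` is handed to `MALLOC_MULTIPLY()` exactly as the caller wrote it, so nothing in this macro rejects a signed count that has gone negative. The commit message says the cast lets the wrap-check be optimised away in many cases, and `MALLOC_MULTIPLY()` is defined outside this diff, so it is worth confirming that the elided case still catches a negative `int` count once it is widened to `size_t`. Either way the contract belongs above the macro, e.g. `/* count must be non-negative; sizeof(type) * count is overflow-checked by MALLOC_MULTIPLY() */`. The same applies to `p_new` in src/lib/mempool.h.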
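Review bot: `p_new` carries no comment saying what a caller gets when the size computation would overflow, and the trailing context shows `p_malloc` declared `ATTR_RETURNS_NONNULL`, so callers will not test the result. How `MALLOC_MULTIPLY()` reports the overflow is not visible in this diff; assuming it does not return, a line above the macro such as `/* An overflowing sizeof(type) * count is caught by MALLOC_MULTIPLY() before p_malloc() is called. */` would record that. The `+ COMPILE_ERROR_IF_TRUE(...)` term is added to the cast pointer, which presumably relies on that macro evaluating to 0, and a few words saying so would spare readers the lookup. `p_malloc`'s body continues outside the hunk.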