Commit ef506fee authored by oliver

Partial fix for <rdar://problem/5585334> numfuzz: integer overflows opening...

Partial fix for <rdar://problem/5585334> numfuzz: integer overflows opening malformed SVG file in WebCore::ImageBuffer::create

Reviewed By Eric.

Unfortunately this is a very slight regression, but is unavoidable.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@27698 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 2a958c78
2007-11-11 Oliver Hunt <oliver@apple.com>
Reviewed by Eric.
Partial fix for <rdar://problem/5585334> numfuzz: integer overflows opening malformed SVG file in WebCore::ImageBuffer::create
Unfortunately this is a very slight regression, but is unavoidable.
* wtf/FastMalloc.cpp:
2007-11-10 Eric Seidel <eric@webkit.org>
Reviewed by darin.
......
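Review bot: The ChangeLog entry stops at `* wtf/FastMalloc.cpp:` with nothing after the colon, so it records neither the function touched nor what was done to it. Suggest naming the function and the change, for example `(calloc): check n * elem_size for overflow before allocating`, and saying what the "very slight regression" refers to, since the entry calls it unavoidable without stating what regresses.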
......@@ -2292,12 +2292,18 @@ void free(void* ptr) {
extern "C"
#endif
void* calloc(size_t n, size_t elem_size) {
void* result = do_malloc(n * elem_size);
const size_t totalBytes = n * elem_size;
// Protect against overflow
if (n > 1 && elem_size && (totalBytes / elem_size) != n)
return 0;
void* result = do_malloc(totalBytes);
if (result != NULL) {
memset(result, 0, n * elem_size);
memset(result, 0, totalBytes);
}
#ifndef WTF_CHANGES
MallocHook::InvokeNewHook(result, n * elem_size);
MallocHook::InvokeNewHook(result, totalBytes);
#endif
return result;
}
......
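Review bot: The new overflow path in calloc, `return 0;`, exits without setting errno, and in the non-WTF_CHANGES build it also bypasses `MallocHook::InvokeNewHook`, which the normal path still calls. Callers of a calloc replacement can reasonably expect errno to be ENOMEM on failure, so consider setting it before returning, and return NULL rather than 0 to match the `result != NULL` test a few lines below. The `n > 1` term in the condition also deserves a word in the comment: it is correct, because a product with n of 0 or 1 cannot wrap, but as written a reader has to work out that it is there to skip the division for single-element calls. The comment `// Protect against overflow` could say so, for example `// n <= 1 cannot overflow; otherwise verify n * elem_size did not wrap`.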