From 1d5cae645b413239294cb98bf6b16b281ae10df7 Mon Sep 17 00:00:00 2001
From: Eric Biggers
Date: Fri, 16 Dec 2016 19:47:44 -0800
Subject: [PATCH] util.c: check for calloc multiplication overflow

---
 src/util.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/util.c b/src/util.c
index e0c5cc1b..47aedd42 100644
--- a/src/util.c
+++ b/src/util.c
@@ -3,7 +3,7 @@
 */
 
 /*
- * Copyright (C) 2012, 2013, 2014 Eric Biggers
+ * Copyright (C) 2012-2016 Eric Biggers
 *
 * This file is free software; you can redistribute it and/or modify it under
 * the terms of the GNU Lesser General Public License as published by the Free
@@ -23,6 +23,7 @@
 # include "config.h"
 #endif
 
+#include
 #include
 #include
 #include
@@ -82,7 +83,14 @@ void *
 wimlib_calloc(size_t nmemb, size_t size)
 {
 size_t total_size = nmemb * size;
- void *p = MALLOC(total_size);
+ void *p;
+
+ if (size != 0 && nmemb > SIZE_MAX / size) {
+ errno = ENOMEM;
+ return NULL;
+ }
+
+ p = MALLOC(total_size);
 if (p)
 p = memset(p, 0, total_size);
 return p;
-- 
2.43.0
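Review bot: In the wimlib_calloc hunk, `size_t total_size = nmemb * size;` is still evaluated above the new overflow guard, so the wrapped product is a live value before the check runs. The wrap is well-defined for size_t and nothing reads the value until after the guard, but declaring `size_t total_size;` and assigning `total_size = nmemb * size;` after the `if` block would stop a later edit from using the truncated size by mistake. A one-line comment above the guard, such as `/* reject nmemb * size overflow: a wrapped total would yield an undersized buffer */`, would record why the check exists. `SIZE_MAX` needs `<stdint.h>`, while the include hunk adds a single header whose name is not legible on this page (presumably `<errno.h>`, given the `errno`/`ENOMEM` use), so confirm `<stdint.h>` is already in scope. The function's closing brace lies outside the hunk.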