Mesa (master): egl: Restrict multiplication in calloc arguments to use compile-time constants

Carl Worth cworth at kemper.freedesktop.org
Thu Sep 4 01:37:11 UTC 2014 

Module: Mesa
Branch: master
Commit: ecc89e4e42c0eda41de5a37d9d0614d0846e3a3e
URL:    http://cgit.freedesktop.org/mesa/mesa/commit/?id=ecc89e4e42c0eda41de5a37d9d0614d0846e3a3e

Author: Carl Worth <cworth at cworth.org>
Date:   Wed Sep  3 14:33:18 2014 -0700

egl: Restrict multiplication in calloc arguments to use compile-time constants

As explained in the previous commit, we want to avoid the possibility of
integer-multiplication overflow while allocating buffers.

In these two cases, the final allocation size is the product of three values:
one variable and two that are fixed constants at compile time.

In this commit, we move the explicit multiplication to involve only the
compile-time constants, preventing any overflow from that multiplication, (and
allowing calloc to catch any potential overflow from the remainining implicit
multiplication).

Reviewed-by: Matt Turner <mattst88 at gmail.com>

---

 src/egl/drivers/dri2/platform_drm.c     |    2 +-
 src/egl/drivers/dri2/platform_wayland.c |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/egl/drivers/dri2/platform_drm.c b/src/egl/drivers/dri2/platform_drm.c
index e272beb..70bd7d4 100644
--- a/src/egl/drivers/dri2/platform_drm.c
+++ b/src/egl/drivers/dri2/platform_drm.c
@@ -352,7 +352,7 @@ dri2_drm_get_buffers(__DRIdrawable * driDrawable,
    const unsigned int format = 32;
    int i;
 
-   attachments_with_format = calloc(count * 2, sizeof(unsigned int));
+   attachments_with_format = calloc(count, 2 * sizeof(unsigned int));
    if (!attachments_with_format) {
       *out_count = 0;
       return NULL;
diff --git a/src/egl/drivers/dri2/platform_wayland.c b/src/egl/drivers/dri2/platform_wayland.c
index 537d26e..59b2792 100644
--- a/src/egl/drivers/dri2/platform_wayland.c
+++ b/src/egl/drivers/dri2/platform_wayland.c
@@ -468,7 +468,7 @@ dri2_wl_get_buffers(__DRIdrawable * driDrawable,
    const unsigned int format = 32;
    int i;
 
-   attachments_with_format = calloc(count * 2, sizeof(unsigned int));
+   attachments_with_format = calloc(count, 2 * sizeof(unsigned int));
    if (!attachments_with_format) {
       *out_count = 0;
       return NULL;

More information about the mesa-commit mailing list