From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bofh@yhbt.net>
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-ASN:  
X-Spam-Status: No, score=-4.1 required=3.0 tests=ALL_TRUSTED,AWL,BAYES_00,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF shortcircuit=no
	autolearn=ham autolearn_force=no version=3.4.6
Received: from localhost (dcvr.yhbt.net [127.0.0.1])
	by dcvr.yhbt.net (Postfix) with ESMTP id EFFB41F44D
	for <raindrops-public@yhbt.net>; Sat, 30 Mar 2024 18:03:54 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=yhbt.net;
	s=selector1; t=1711821835;
	bh=O0zbO+uXkXnj37BEgBFRbxBUEE+f8Wr2YSJxJbLh5fU=;
	h=From:To:Subject:Date:From;
	b=TB7S1m3z7nP0sX/kC5ZRjTL1oqZ7obeGTyl/hRJXdBivTKRvPrxrUqgkrcxGYYXQa
	 LxB3Er5XASSbVkUL1hsPq2sb1swiFoYdBul5NCJooGAHuEVcFGoujmH8NHFO6JvJ/n
	 tK6xLviayKp4D63oRXLvaHJVbu/QWnN8OHQsokEI=
From: Eric Wong <bofh@yhbt.net>
To: raindrops-public@yhbt.net
Subject: [PATCH] khashl: avoid multiplication overflow + memset
Date: Sat, 30 Mar 2024 18:03:54 +0000
Message-ID: <20240330180354.16298-1-bofh@yhbt.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
List-Id: <raindrops-public.yhbt.net>

Instead of a malloc where arguments can silently overflow,
use calloc directly to handle the overflow and zeroing for
us.
---
 ext/raindrops/khashl.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ext/raindrops/khashl.h b/ext/raindrops/khashl.h
index 425d95e..9a6e4fe 100644
--- a/ext/raindrops/khashl.h
+++ b/ext/raindrops/khashl.h
@@ -159,8 +159,8 @@ static kh_inline khint_t __kh_h2b(khint_t hash, khint_t bits) { return hash * 26
 		new_bits = j > 2? j : 2; \
 		new_n_buckets = (khint_t)1U << new_bits; \
 		if (h->count > (new_n_buckets>>1) + (new_n_buckets>>2)) return 0; /* requested size is too small */ \
-		new_used = (khint32_t*)kmalloc(__kh_fsize(new_n_buckets) * sizeof(khint32_t)); \
-		memset(new_used, 0, __kh_fsize(new_n_buckets) * sizeof(khint32_t)); \
+		new_used = (khint32_t*)kcalloc(__kh_fsize(new_n_buckets), \
+						sizeof(khint32_t)); \
 		if (!new_used) return -1; /* not enough memory */ \
 		n_buckets = h->keys? (khint_t)1U<<h->bits : 0U; \
 		if (n_buckets < new_n_buckets) { /* expand */ \