1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/patches/glibc/2.1.3/rh62-11-glibc-2.1.3-calloc.patch Sat Jun 16 18:01:59 2007 +0000
1.3 @@ -0,0 +1,35 @@
1.4 +diff -ur glibc-2.1.3.orig/malloc/malloc.c glibc-2.1.3/malloc/malloc.c
1.5 +--- glibc-2.1.3.orig/malloc/malloc.c Wed Feb 23 10:02:55 2000
1.6 ++++ glibc-2.1.3/malloc/malloc.c Thu Aug 1 09:24:10 2002
1.7 +@@ -3656,12 +3656,20 @@
1.8 + {
1.9 + arena *ar_ptr;
1.10 + mchunkptr p, oldtop;
1.11 +- INTERNAL_SIZE_T sz, csz, oldtopsize;
1.12 ++ INTERNAL_SIZE_T bytes, sz, csz, oldtopsize;
1.13 + Void_t* mem;
1.14 +
1.15 ++ /* size_t is unsigned so the behavior on overflow is defined;
1.16 ++ * request2size() uses similar post-checks anyway. */
1.17 ++ bytes = n * elem_size;
1.18 ++ if ((n | elem_size) >= 65536 && elem_size && bytes / elem_size != n) {
1.19 ++ __set_errno (ENOMEM);
1.20 ++ return 0;
1.21 ++ }
1.22 ++
1.23 + #if defined _LIBC || defined MALLOC_HOOKS
1.24 + if (__malloc_hook != NULL) {
1.25 +- sz = n * elem_size;
1.26 ++ sz = bytes;
1.27 + #if defined __GNUC__ && __GNUC__ >= 2
1.28 + mem = (*__malloc_hook)(sz, __builtin_return_address (0));
1.29 + #else
1.30 +@@ -3678,7 +3686,7 @@
1.31 + }
1.32 + #endif
1.33 +
1.34 +- if(request2size(n * elem_size, sz))
1.35 ++ if(request2size(bytes, sz))
1.36 + return 0;
1.37 + arena_get(ar_ptr, sz);
1.38 + if(!ar_ptr)