[Fixed typo and restored lost Cc, sorry.]

On 01.10.2015 23:45, Alexander Cherepanov wrote:
On 2015-09-17 12:40, Mark Wielaard wrote:
* Now const size_t is used instead of const int for malloc argument
type.

Thanks. I am still interested in the overflow issue. I believe since we
are using unsigned arithmetic and we know the size is always > 0, it
should be as simple as doing:

   const size_t elem_size = ... sizeof (...);
   const size_t bytes = num * elem_size;
   if (unlikely (bytes / elem_size != num))
     return E_NOMEM;
   ... malloc (bytes);

Sorry, I'm late to the party but why hot check it before multiplication

s/hot/not/

in a usual way:

if (num > SIZE_MAX / elem_size)
   return E_NOMEM;

IIUC elem_size is a compile time constant so the whole division is
computed by compiler.

--
Alexander Cherepanov
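
Added example (not part of the thread or the patch under review): the two overflow checks discussed above, written side by side and compared on boundary values, plus an allocation wrapper using the pre-multiplication form. The function names `overflows_post`, `overflows_pre`, `alloc_array` and `checks_agree` are hypothetical, and `NULL` stands in for the `E_NOMEM` return in the thread.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Check after multiplying: unsigned arithmetic wraps, so a wrapped
   product no longer divides back to num. Requires elem_size > 0. */
static bool overflows_post(size_t num, size_t elem_size)
{
    const size_t bytes = num * elem_size;
    return bytes / elem_size != num;
}

/* Check before multiplying: with a constant elem_size the compiler
   folds SIZE_MAX / elem_size, leaving a single comparison. */
static bool overflows_pre(size_t num, size_t elem_size)
{
    return num > SIZE_MAX / elem_size;
}

/* Hypothetical helper: allocate num elements, or NULL on overflow. */
static void *alloc_array(size_t num, size_t elem_size)
{
    if (elem_size == 0 || overflows_pre(num, elem_size))
        return NULL;
    return malloc(num * elem_size);
}

/* Returns 1 if both checks give the same answer around each limit. */
static int checks_agree(void)
{
    const size_t sizes[] = { 1, 2, 3, 8, 24, 4096, SIZE_MAX / 2, SIZE_MAX };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        const size_t limit = SIZE_MAX / sizes[i];
        /* limit + 1 wraps to 0 when sizes[i] == 1; still a valid input. */
        const size_t nums[] = { 0, 1, limit - 1, limit, limit + 1, SIZE_MAX };
        for (size_t j = 0; j < sizeof nums / sizeof nums[0]; j++)
            if (overflows_post(nums[j], sizes[i]) != overflows_pre(nums[j], sizes[i]))
                return 0;
    }
    return 1;
}

int main(void)
{
    return checks_agree() ? 0 : 1;
}
```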
