Am I incorrect to presume that if the values are successfully used in calloc(), that (size_t)nmemb * (size_t)size will not overflow? Isn't the storage capacity of size_t greater than the amount of addressable space? If it is, calloc() will throw an "out of memory" or other error before you'll ever reach putting freezero((size_t)nmemb * (size_t)size);
-Luke

On Wed, Feb 17, 2021 at 2:36 PM Luke Small <lukensm...@gmail.com> wrote:
> If the nmemb and size values being passed to calloc() are of a larger
> integer datatype, they will have been truncated when passed to the function
> there as well.
>
> Perhaps you need something larger than size_t in the entire malloc manpage
> series?
>
> -Luke
>
> On Wed, Feb 17, 2021 at 2:25 PM Theo de Raadt <dera...@openbsd.org> wrote:
>> > > Would it be too much hand-holding to put in the manpage that to avoid
>> > > potential freezero() integer overflow, it may be useful to run freezero()
>> > > as freezero((size_t)nmemb * (size_t)size);
>> >
>> > Wow, those casts make it very clear you don't understand C, if you do
>> > that kind of stuff elsewhere you are introducing problems.
>>
>> If nmemb or size are of a type greater than size_t, those casts serve
>> only one purpose -- truncating the high bits before performing multiply,
>> which results in an incorrect size.
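The two points being argued in this thread, that calloc() must reject an nmemb * size product that does not fit in size_t, and that casting wider counts to size_t before multiplying silently drops the high bits, can both be shown in a few lines. The following is an added example written for this page; it is not code from the thread or from OpenBSD's libc. It assumes a 64-bit host and stands in for a 32-bit size_t with uint32_t so the truncation is visible; the function names calloc_bytes, cast_then_multiply and wide_product_fits are the example's own, and main() uses free() rather than the OpenBSD-specific freezero() so it builds elsewhere.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * The overflow check a calloc() implementation has to make before it
 * allocates: returns 1 and stores the byte count in *bytes, or 0 when
 * nmemb * size would wrap around size_t (calloc() then fails with ENOMEM).
 * Because the same two size_t values go to calloc() and later to the
 * free/zeroing call, one successful check covers both products.
 */
int
calloc_bytes(size_t nmemb, size_t size, size_t *bytes)
{
	if (nmemb != 0 && size > SIZE_MAX / nmemb)
		return 0;
	*bytes = nmemb * size;
	return 1;
}

/*
 * Simulates a 32-bit size_t with uint32_t (hypothetical stand-in for an
 * i386-style platform).  Casting each wider operand first throws away the
 * high bits before the multiply, so the result is small and wrong, and no
 * later overflow check can notice because both truncated operands look valid.
 */
uint32_t
cast_then_multiply(uint64_t nmemb, uint64_t size)
{
	return (uint32_t)nmemb * (uint32_t)size;
}

/*
 * The correct handling of wider counts: range-check each operand and the
 * product in the wide type, and only then narrow to the allocator's type.
 */
int
wide_product_fits(uint64_t nmemb, uint64_t size, uint32_t *bytes)
{
	if (nmemb > UINT32_MAX || size > UINT32_MAX)
		return 0;
	if (nmemb != 0 && size > UINT32_MAX / nmemb)
		return 0;
	*bytes = (uint32_t)(nmemb * size);
	return 1;
}

int
main(void)
{
	size_t n = 0;
	uint32_t w = 0;

	/* constructed inputs: a normal allocation and an overflowing one */
	if (calloc_bytes(10, 16, &n)) {
		void *p = calloc(10, 16);
		printf("calloc(10, 16): %zu bytes, %s\n", n, p ? "ok" : "failed");
		free(p);
	}
	printf("calloc(SIZE_MAX, 2) fits: %d\n", calloc_bytes(SIZE_MAX, 2, &n));

	/* constructed input: a count that does not fit in 32 bits */
	printf("cast-then-multiply of 0x100000001 * 16: %u (truncated)\n",
	    cast_then_multiply(0x100000001ULL, 16));
	printf("wide check of the same product fits: %d\n",
	    wide_product_fits(0x100000001ULL, 16, &w));
	return 0;
}
```

The check in calloc_bytes is the reason Luke's presumption holds only for the exact size_t values calloc() saw: if the caller's variables are wider than size_t, the truncation has already happened at the call boundary, and cast_then_multiply shows that repeating those casts in front of the free call reproduces the same wrong, smaller count rather than guarding against anything.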