Protect against integer overflow in malloca() calls.

1 files changed, 13 insertions, 3 deletions

diff --git a/lib/malloca.h b/lib/malloca.h
index 2f74b96170..5bb2d47348 100644
--- a/lib/malloca.h
+++ b/lib/malloca.h
@@ -70,9 +70,19 @@ extern void freea (void *p);
 # define freea free
 #endif
 
-/* Maybe we should also define a variant
-    nmalloca (size_t n, size_t s) - behaves like malloca (n * s)
-   If this would be useful in your application. please speak up.  */
+/* nmalloca(N,S) is an overflow-safe variant of malloca (N * S).
+   It allocates an array of N objects, each with S bytes of memory,
+   on the stack.  S must be positive and N must be nonnegative.
+   The array must be freed using freea() before the function returns.  */
+#if 1
+/* Cf. the definition of xalloc_oversized.  */
+# define nmalloca(n, s) \
+    ((n) > (size_t) (sizeof (ptrdiff_t) <= sizeof (size_t) ? -1 : -2) / (s) \
+     ? NULL \
+     : malloca ((n) * (s)))
+#else
+extern void * nmalloca (size_t n, size_t s);
+#endif
 
 
 #ifdef __cplusplus