1.1 --- a/patches/glibc/2.1.3/rh62-11-glibc-2.1.3-calloc.patch Tue Aug 14 19:32:22 2007 +0000
1.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
1.3 @@ -1,35 +0,0 @@
1.4 -diff -ur glibc-2.1.3.orig/malloc/malloc.c glibc-2.1.3/malloc/malloc.c
1.5 ---- glibc-2.1.3.orig/malloc/malloc.c Wed Feb 23 10:02:55 2000
1.6 -+++ glibc-2.1.3/malloc/malloc.c Thu Aug 1 09:24:10 2002
1.7 -@@ -3656,12 +3656,20 @@
1.8 - {
1.9 - arena *ar_ptr;
1.10 - mchunkptr p, oldtop;
1.11 -- INTERNAL_SIZE_T sz, csz, oldtopsize;
1.12 -+ INTERNAL_SIZE_T bytes, sz, csz, oldtopsize;
1.13 - Void_t* mem;
1.14 -
1.15 -+ /* size_t is unsigned so the behavior on overflow is defined;
1.16 -+ * request2size() uses similar post-checks anyway. */
1.17 -+ bytes = n * elem_size;
1.18 -+ if ((n | elem_size) >= 65536 && elem_size && bytes / elem_size != n) {
1.19 -+ __set_errno (ENOMEM);
1.20 -+ return 0;
1.21 -+ }
1.22 -+
1.23 - #if defined _LIBC || defined MALLOC_HOOKS
1.24 - if (__malloc_hook != NULL) {
1.25 -- sz = n * elem_size;
1.26 -+ sz = bytes;
1.27 - #if defined __GNUC__ && __GNUC__ >= 2
1.28 - mem = (*__malloc_hook)(sz, __builtin_return_address (0));
1.29 - #else
1.30 -@@ -3678,7 +3686,7 @@
1.31 - }
1.32 - #endif
1.33 -
1.34 -- if(request2size(n * elem_size, sz))
1.35 -+ if(request2size(bytes, sz))
1.36 - return 0;
1.37 - arena_get(ar_ptr, sz);
1.38 - if(!ar_ptr)