yann@1: diff -ur glibc-2.1.3.orig/malloc/malloc.c glibc-2.1.3/malloc/malloc.c
yann@1: --- glibc-2.1.3.orig/malloc/malloc.c Wed Feb 23 10:02:55 2000
yann@1: +++ glibc-2.1.3/malloc/malloc.c Thu Aug 1 09:24:10 2002
yann@1: @@ -3656,12 +3656,20 @@
yann@1: {
yann@1: arena *ar_ptr;
yann@1: mchunkptr p, oldtop;
yann@1: - INTERNAL_SIZE_T sz, csz, oldtopsize;
yann@1: + INTERNAL_SIZE_T bytes, sz, csz, oldtopsize;
yann@1: Void_t* mem;
yann@1:
yann@1: + /* size_t is unsigned so the behavior on overflow is defined;
yann@1: + * request2size() uses similar post-checks anyway. */
yann@1: + bytes = n * elem_size;
yann@1: + if ((n | elem_size) >= 65536 && elem_size && bytes / elem_size != n) {
yann@1: + __set_errno (ENOMEM);
yann@1: + return 0;
yann@1: + }
yann@1: +
yann@1: #if defined _LIBC || defined MALLOC_HOOKS
yann@1: if (__malloc_hook != NULL) {
yann@1: - sz = n * elem_size;
yann@1: + sz = bytes;
yann@1: #if defined __GNUC__ && __GNUC__ >= 2
yann@1: mem = (*__malloc_hook)(sz, __builtin_return_address (0));
yann@1: #else
yann@1: @@ -3678,7 +3686,7 @@
yann@1: }
yann@1: #endif
yann@1:
yann@1: - if(request2size(n * elem_size, sz))
yann@1: + if(request2size(bytes, sz))
yann@1: return 0;
yann@1: arena_get(ar_ptr, sz);
yann@1: if(!ar_ptr)
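Review bot: The threshold `65536` in the added guard `(n | elem_size) >= 65536` is an unexplained magic number: it is 2^16, so skipping the division when both factors are below it is only sound while `INTERNAL_SIZE_T` is at least 32 bits wide, and the comment above it speaks of `size_t` although `bytes` is declared `INTERNAL_SIZE_T`. I would state that next to the check, e.g. `/* factors below 2^16 cannot overflow a 32-bit or wider INTERNAL_SIZE_T, so the division is only needed above that */`, or derive the bound from `sizeof (INTERNAL_SIZE_T)` instead of hard-coding it. The overflow test itself (`elem_size && bytes / elem_size != n`) looks right, and failing with ENOMEM before the `__malloc_hook` call means the hook and the `request2size()` call in the second hunk only ever see the checked `bytes`. The function's signature and the rest of its body are outside these hunks, so any other `n * elem_size` there would need the same substitution.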