xmalloc: Add and use xcalloc

Add a wrapper for calloc which checks for integer overflows in the
calculation of the size to allocate.

Use xcalloc to allocate an array of objects instead of calculating the
size ourselves, which might cause an integer overflow.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>

7 files changed, 24 insertions, 7 deletions

diff --git a/astraceroute.c b/astraceroute.c
index 2f3449e..da922c6 100644
--- a/astraceroute.c
+++ b/astraceroute.c
@@ -785,7 +785,7 @@ static int __process_time(struct ctx *ctx, int fd, int fd_cap, int ttl,
 		return -EIO;
 	}
 
-	tmp = xmalloc(sizeof(struct timeval) * good);
+	tmp = xcalloc(good, sizeof(struct timeval));
 	for (i = j = 0; i < array_size(probes); ++i) {
 		if (probes[i].tv_sec == 0 && probes[i].tv_usec == 0)
 			continue;
diff --git a/cpusched.c b/cpusched.c
index 2b4260b..26c0771 100644
--- a/cpusched.c
+++ b/cpusched.c
@@ -140,7 +140,8 @@ static int cleanup_cpusched_batch(void *ptr)
 void init_cpusched(unsigned int cpus)
 {
 	rwlock_init(&map_lock);
-	cpu_work_map = xzmalloc((cpu_len = cpus) * sizeof(*cpu_work_map));
+	cpu_len = cpus;
+	cpu_work_map = xcalloc(cpu_len, sizeof(*cpu_work_map));
 	init_hash(&mapper);
 }
 
diff --git a/curvetun_server.c b/curvetun_server.c
index 36a55fe..c1d5477 100644
--- a/curvetun_server.c
+++ b/curvetun_server.c
@@ -638,7 +638,7 @@ int server_main(char *home, char *dev, char *port, int udp, int ipv4, int log)
 
 	set_nonblocking(lfd);
 
-	events = xzmalloc(MAX_EPOLL_SIZE * sizeof(*events));
+	events = xcalloc(MAX_EPOLL_SIZE, sizeof(*events));
 	for (i = 0; i < MAX_EPOLL_SIZE; ++i)
 		events[i].data.fd = -1;
 
@@ -661,7 +661,7 @@ int server_main(char *home, char *dev, char *port, int udp, int ipv4, int log)
 	if (!ispow2(threads))
 		syslog_panic("Thread number not power of two!\n");
 
-	threadpool = xzmalloc(sizeof(*threadpool) * threads);
+	threadpool = xcalloc(threads, sizeof(*threadpool));
 	thread_spawn_or_panic(cpus, efd[1], refd[1], tunfd, ipv4, udp);
 
 	init_cpusched(threads);
diff --git a/hash.c b/hash.c
index 51eb627..88d59bf 100644
--- a/hash.c
+++ b/hash.c
@@ -94,7 +94,7 @@ static void grow_hash_table(struct hash_table *table)
 	struct hash_table_entry *old_array = table->array, *new_array;
 
 	new_size = alloc_nr(old_size);
-	new_array = xzmalloc(sizeof(struct hash_table_entry) * new_size);
+	new_array = xcalloc(new_size, sizeof(struct hash_table_entry));
 
 	table->size = new_size;
 	table->array = new_array;
diff --git a/ifpps.c b/ifpps.c
index 4cdcbf4..77c63a6 100644
--- a/ifpps.c
+++ b/ifpps.c
@@ -173,7 +173,7 @@ static inline int padding_from_num(int n)
 }
 
 #define STATS_ALLOC1(member)	\
-	do { stats->member = xzmalloc(cpus * sizeof(*(stats->member))); } while (0)
+	do { stats->member = xcalloc(cpus, sizeof(*(stats->member))); } while (0)
 
 static void stats_alloc(struct ifstat *stats, unsigned int cpus)
 {
@@ -1425,7 +1425,7 @@ int main(int argc, char **argv)
 	stats_alloc(&stats_new, cpus);
 	stats_alloc(&stats_delta, cpus);
 
-	cpu_hits = xzmalloc(cpus * sizeof(*cpu_hits));
+	cpu_hits = xcalloc(cpus, sizeof(*cpu_hits));
 
 	if (promisc)
 		ifflags = device_enter_promiscuous_mode(ifname);
diff --git a/xmalloc.c b/xmalloc.c
index 02d6ce4..bdb6234 100644
--- a/xmalloc.c
+++ b/xmalloc.c
@@ -34,6 +34,21 @@ void *xmalloc(size_t size)
 	return ptr;
 }
 
+void *xcalloc(size_t nmemb, size_t size)
+{
+	void *ptr;
+
+	if (unlikely(nmemb == 0 || size == 0))
+		panic("xcalloc: zero size\n");
+
+	ptr = calloc(nmemb, size);
+	if (unlikely(ptr == NULL))
+		panic("xcalloc: out of memory (allocating %zu members of "
+		      "%zu bytes)\n", nmemb, size);
+
+	return ptr;
+}
+
 void *xzmalloc(size_t size)
 {
 	void *ptr = xmalloc(size);
diff --git a/xmalloc.h b/xmalloc.h
index 952b827..2ad0372 100644
--- a/xmalloc.h
+++ b/xmalloc.h
@@ -7,6 +7,7 @@
 #include "die.h"
 
 extern void *xmalloc(size_t size) __hidden;
+extern void *xcalloc(size_t nmemb, size_t size) __hidden;
 extern void *xzmalloc(size_t size) __hidden;
 extern void *xmallocz(size_t size) __hidden;
 extern void *xmalloc_aligned(size_t size, size_t alignment) __hidden;