From df591ee292c99ead3a286c50f64e5c461f3a9d8e Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Wed, 4 Jan 2006 12:45:45 +0000
Subject: replace avahi_new() with a version that checks for an integer overflow (suggested by Martin Pitt)
git-svn-id: file:///home/lennart/svn/public/avahi/trunk@1053 941a03a8-eaeb-0310-b9a0-b1bbd8fe43fe
---
 avahi-common/malloc.h | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/avahi-common/malloc.h b/avahi-common/malloc.h
index d911a3a..40b6272 100644
--- a/avahi-common/malloc.h
+++ b/avahi-common/malloc.h
@@ -26,6 +26,8 @@
 #include
 #include
+#include
+#include
 #include
 #include
@@ -44,11 +46,23 @@ void avahi_free(void *p);
 /** Similar to libc's realloc() */
 void *avahi_realloc(void *p, size_t size);
+/** Internal helper for avahi_new() */
+static inline void* avahi_new_internal(unsigned n, size_t k) {
+ assert(n < INT_MAX/k);
+ return avahi_malloc(n*k);
+}
+
 /** Allocate n new structures of the specified type. */
-#define avahi_new(type, n) ((type*) avahi_malloc((n)*sizeof(type)))
+#define avahi_new(type, n) ((type*) avahi_new_internal((n), sizeof(type)))
+
+/** Internal helper for avahi_new0() */
+static inline void* avahi_new0_internal(unsigned n, size_t k) {
+ assert(n < INT_MAX/k);
+ return avahi_malloc0(n*k);
+}
 /** Same as avahi_new() but set the memory to zero */
-#define avahi_new0(type, n) ((type*) avahi_malloc0((n)*sizeof(type)))
+#define avahi_new0(type, n) ((type*) avahi_new0_internal((n), sizeof(type)))
 /** Just like libc's strdup() */
 char *avahi_strdup(const char *s);
-- cgit
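Review bot: The overflow guard in `avahi_new_internal()` and `avahi_new0_internal()` is an `assert()`, so any translation unit that includes this header with `NDEBUG` defined gets no check at all and `n*k` can still wrap before it reaches `avahi_malloc()`/`avahi_malloc0()`. The count is also taken as `unsigned n`, so a wider or negative macro argument is converted before the comparison and a truncated value can pass it. I would take the count as `size_t n` and add a check that survives release builds, for example `if (n >= INT_MAX/k) return NULL;` ahead of the multiplication, assuming callers of `avahi_new()` already cope with a NULL result, which is not visible in this hunk. A one-line comment on each helper stating the bound, such as `/* n*k must stay below INT_MAX; larger requests are rejected */`, would document the contract for users of the macros.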