From 16106695194ced969f5a58cf2729b5ddd4cb2546 Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Wed, 21 Jul 2021 22:37:56 +0200
Subject: [PATCH] LibC: Make calloc() actually fail on multiplication overflow
---
 Userland/Libraries/LibC/malloc.cpp | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/Userland/Libraries/LibC/malloc.cpp b/Userland/Libraries/LibC/malloc.cpp
index 77a61ee1bb..9c412c55cf 100644
--- a/Userland/Libraries/LibC/malloc.cpp
+++ b/Userland/Libraries/LibC/malloc.cpp
@@ -411,6 +411,10 @@ static void free_impl(void* ptr)

 void* calloc(size_t count, size_t size)
 {
+ if (Checked::multiplication_would_overflow(count, size)) {
+ errno = ENOMEM;
+ return nullptr;
+ }
 size_t new_size = count * size;
 auto* ptr = malloc_impl(new_size, CallerWillInitializeMemory::Yes);
 if (ptr)
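Review bot: The new guard at the top of calloc() has no comment saying why it must stay ahead of `size_t new_size = count * size;`, and this patch adds no test for it. Without the check, a wrapped product would make malloc_impl() return a block smaller than the `count` elements the caller goes on to use, so the ordering is a memory-safety property. I would add a comment above the `if`, for example `// Reject count * size overflow: a wrapped size would give the caller an undersized block.` A regression test asserting that an overflowing pair of arguments returns nullptr with errno set to ENOMEM would pin the behaviour. calloc()'s body continues past the end of the hunk, so how `new_size` is used after `if (ptr)` is not visible here.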