From 60b4446f6a0a411b507daa5ca9c93cce7ba232a0 Mon Sep 17 00:00:00 2001 From: "Gregory J. Ward" Date: Fri, 15 Jan 2021 02:46:28 +0000 Subject: [PATCH] fix: fixed malloc() call overflow for large matrices --- src/util/cmatrix.c | 4 ++-- src/util/rmatrix.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/util/cmatrix.c b/src/util/cmatrix.c index 3d93b9fed..f42980c55 100644 --- a/src/util/cmatrix.c +++ b/src/util/cmatrix.c @@ -1,5 +1,5 @@ #ifndef lint -static const char RCSid[] = "$Id: cmatrix.c,v 2.28 2020/03/30 20:41:47 greg Exp $"; +static const char RCSid[] = "$Id: cmatrix.c,v 2.29 2021/01/15 02:46:28 greg Exp $"; #endif /* * Color matrix routines. @@ -33,7 +33,7 @@ cm_alloc(int nrows, int ncols) if ((nrows <= 0) | (ncols <= 0)) error(USER, "attempt to create empty matrix"); cm = (CMATRIX *)malloc(sizeof(CMATRIX) + - sizeof(COLOR)*(nrows*ncols - 1)); + sizeof(COLOR)*((size_t)nrows*ncols - 1)); if (!cm) error(SYSTEM, "out of memory in cm_alloc()"); cm->nrows = nrows; diff --git a/src/util/rmatrix.c b/src/util/rmatrix.c index 1c379bc71..0d76fe8ee 100644 --- a/src/util/rmatrix.c +++ b/src/util/rmatrix.c @@ -1,5 +1,5 @@ #ifndef lint -static const char RCSid[] = "$Id: rmatrix.c,v 2.44 2020/05/07 18:45:16 greg Exp $"; +static const char RCSid[] = "$Id: rmatrix.c,v 2.45 2021/01/15 02:46:28 greg Exp $"; #endif /* * General matrix operations. @@ -24,7 +24,7 @@ rmx_alloc(int nr, int nc, int n) if ((nr <= 0) | (nc <= 0) | (n <= 0)) return(NULL); dnew = (RMATRIX *)malloc(sizeof(RMATRIX)-sizeof(dnew->mtx) + - sizeof(dnew->mtx[0])*(n*nr*nc)); + sizeof(dnew->mtx[0])*n*nr*nc); if (!dnew) return(NULL); dnew->nrows = nr; dnew->ncols = nc; dnew->ncomp = n;