The calloc() function takes two arguments: the number of elements to allocate and the storage size of those elements. Typically, implementations of the calloc() function multiply these arguments together to determine how much memory to allocate. Historically, some implementations failed to check if this multiplication could result in an integer overflow. If the result of multiplying the number of elements to allocate and the storage size cannot be represented properly as a size_t, less memory is allocated than was requested. As a result, it is necessary to ensure that these arguments, when multiplied, do not result in an integer overflow.
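
The check described above, as an added example that is not part of the original page: a wrapper that rejects the request before calloc() is called when the product of the two arguments cannot be represented as a size_t. The names checked_calloc, mul_wraps and unchecked_product are hypothetical, and the oversized element count is constructed sample input.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: 1 if nmemb * size cannot be represented as a size_t. */
static int mul_wraps(size_t nmemb, size_t size)
{
    /* Division cannot overflow, so test size against SIZE_MAX / nmemb. */
    return nmemb != 0 && size > SIZE_MAX / nmemb;
}

/* Hypothetical wrapper: refuse the request before calloc() ever sees it. */
static void *checked_calloc(size_t nmemb, size_t size)
{
    if (mul_wraps(nmemb, size)) {
        errno = ENOMEM;
        return NULL;
    }
    return calloc(nmemb, size);
}

/* What an unchecked implementation would hand to its allocator:
 * size_t arithmetic is modulo SIZE_MAX + 1, so the product silently wraps. */
static size_t unchecked_product(size_t nmemb, size_t size)
{
    return nmemb * size;
}

int main(void)
{
    /* Constructed input: an element count as if taken from untrusted data. */
    size_t count = SIZE_MAX / 16 + 2;
    size_t elem = 16;

    printf("requested %zu x %zu, unchecked product = %zu bytes\n",
           count, elem, unchecked_product(count, elem));

    void *p = checked_calloc(count, elem);
    printf("oversized request %s\n", p ? "allocated" : "rejected");
    free(p);

    p = checked_calloc(8, elem);    /* an ordinary request still succeeds */
    printf("small request %s\n", p ? "allocated" : "failed");
    free(p);
    return 0;
}
```

With the constructed count, the unchecked product wraps to 16 bytes, which is the undersized allocation the paragraph describes.
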
According to RUS-CERT Advisory 2002-08:02, the following C/C++ implementations of calloc() are defective:
- GNU libc 2.2.5
- Microsoft Visual C++ versions 4.0 and 6.0 (including the C++ new allocator)
- GNU C++ Compiler (GCC versions 2.95, 3.0, and 3.1.1)
- HP-UX 11 implementations prior to 2004-01-14
- dietlibc CVS implementations prior to 2002-08-05
- libgcrypt 1.1.10 (GNU Crypto Library)
...