authorCarl Worth <[email protected]>2014-09-03 14:18:18 -0700
committerCarl Worth <[email protected]>2014-09-03 18:37:02 -0700
commitc35f14f36880eb20f5e54480444e343520e9bec5 (patch)
tree860639f711be92e6ee031b005ac0284320c91d39 /src/mesa/program
parent96ce065db46d11f5ad6423f4a522f3e92153b3cf (diff)
Eliminate several cases of multiplication in arguments to calloc
In commit 32f2fd1c5d6088692551c80352b7d6fa35b0cd09, several calls to _mesa_calloc(x) were replaced with calls to calloc(1, x). This is strictly equivalent to what the code was doing previously. But for cases where "x" involves multiplication, now that we are explicitly using the two-argument calloc, we can do one step better and replace: calloc(1, A * B); with: calloc(A, B); The advantage of the latter is that calloc will detect any overflow that would have resulted from the multiplication and will fail the allocation, (whereas the former would return a small allocation). So this fix can change potentially exploitable buffer overruns into segmentation faults. Reviewed-by: Matt Turner <[email protected]>
Diffstat (limited to 'src/mesa/program')
-rw-r--r--src/mesa/program/prog_instruction.c2
-rw-r--r--src/mesa/program/prog_optimize.c6
-rw-r--r--src/mesa/program/prog_parameter.c2
3 files changed, 5 insertions, 5 deletions
diff --git a/src/mesa/program/prog_instruction.c b/src/mesa/program/prog_instruction.c
index dcfedb77bdd..dc0a5109f88 100644
--- a/src/mesa/program/prog_instruction.c
+++ b/src/mesa/program/prog_instruction.c
@@ -70,7 +70,7 @@ struct prog_instruction *
_mesa_alloc_instructions(GLuint numInst)
{
return
- calloc(1, numInst * sizeof(struct prog_instruction));
+ calloc(numInst, sizeof(struct prog_instruction));
}
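Review bot: `_mesa_alloc_instructions` now returns NULL when `numInst * sizeof(struct prog_instruction)` would overflow, not only when memory is exhausted, and nothing in the hunk tells callers about it. A short comment above the function would make the contract explicit, for example `/* Returns NULL on allocation failure or if the element count overflows; callers must check. */`. The result for `numInst == 0` is implementation-defined for calloc (NULL or a unique pointer), which deserves a word in the same comment. Any existing comment above the function lies outside the hunk, so part of this may already be covered.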
diff --git a/src/mesa/program/prog_optimize.c b/src/mesa/program/prog_optimize.c
index 6153f5e2cf5..08c1c3046e7 100644
--- a/src/mesa/program/prog_optimize.c
+++ b/src/mesa/program/prog_optimize.c
@@ -260,7 +260,7 @@ _mesa_remove_dead_code_global(struct gl_program *prog)
}
removeInst =
- calloc(1, prog->NumInstructions * sizeof(GLboolean));
+ calloc(prog->NumInstructions, sizeof(GLboolean));
/* Determine which temps are read and written */
for (i = 0; i < prog->NumInstructions; i++) {
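Review bot: `removeInst` is used with no visible NULL check after the calloc in `_mesa_remove_dead_code_global`: the hunk goes straight from the allocation to the `for` loop. The hunks for `_mesa_remove_dead_code_local` and `_mesa_remove_extra_moves` show the same pattern. The commit aims to turn an overflowed allocation into a failed one, so the failure should be handled explicitly with `if (removeInst == NULL)` and whatever early exit the function's return type and cleanup path call for. Otherwise a later `removeInst[i]` write faults only if NULL plus the index happens to be unmapped. `sizeof(GLboolean)` is normally 1, so the product could not overflow in these three places anyway, which makes the NULL check the part that adds protection. All three function bodies continue outside their hunks, so a check further down cannot be ruled out.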
@@ -602,7 +602,7 @@ _mesa_remove_dead_code_local(struct gl_program *prog)
GLuint i, arg, rem = 0;
removeInst =
- calloc(1, prog->NumInstructions * sizeof(GLboolean));
+ calloc(prog->NumInstructions, sizeof(GLboolean));
for (i = 0; i < prog->NumInstructions; i++) {
const struct prog_instruction *inst = prog->Instructions + i;
@@ -743,7 +743,7 @@ _mesa_remove_extra_moves(struct gl_program *prog)
}
removeInst =
- calloc(1, prog->NumInstructions * sizeof(GLboolean));
+ calloc(prog->NumInstructions, sizeof(GLboolean));
/*
* Look for sequences such as this:
diff --git a/src/mesa/program/prog_parameter.c b/src/mesa/program/prog_parameter.c
index 54531d2550d..f43deba0b6d 100644
--- a/src/mesa/program/prog_parameter.c
+++ b/src/mesa/program/prog_parameter.c
@@ -54,7 +54,7 @@ _mesa_new_parameter_list_sized(unsigned size)
/* alloc arrays */
p->Parameters = (struct gl_program_parameter *)
- calloc(1, size * sizeof(struct gl_program_parameter));
+ calloc(size, sizeof(struct gl_program_parameter));
p->ParameterValues = (gl_constant_value (*)[4])
_mesa_align_malloc(size * 4 *sizeof(gl_constant_value), 16);
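Review bot: The `_mesa_align_malloc(size * 4 *sizeof(gl_constant_value), 16)` call on the last line of this hunk still multiplies an unchecked `size`. The overflow that the commit removes from the `Parameters` allocation therefore remains possible for `ParameterValues`. `_mesa_align_malloc` is called with a single byte count, so the guard has to be written out, e.g. `if (size > SIZE_MAX / (4 * sizeof(gl_constant_value)))` followed by the function's failure path, placed before the call. The calloc above may well fail first for such sizes, but that only helps if both pointers are NULL-checked afterwards. That part of `_mesa_new_parameter_list_sized` is outside the hunk.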