On 01.10.2015 23:45, Alexander Cherepanov wrote:
>On 2015-09-17 12:40, Mark Wielaard wrote:
>>>* Now const size_t is used instead of const int for malloc argument
>>>type.
>>
>>Thanks. I am still interested in the overflow issue. I believe since we
>>are using unsigned arithmetic and we know the size is always > 0, it
>>should be as simple as doing:
>>
>>  const size_t elem_size = ... sizeof (...);
>>  const size_t bytes = num * elem_size;
>>  if (unlikely (bytes / elem_size != num))
>>    return E_NOMEM;
>>  ... malloc (bytes);
>
>Sorry, I'm late to the party but why not check it before multiplication
>in a usual way:
>
>if (num > SIZE_MAX / elem_size)
>  return E_NOMEM;
>
>IIUC elem_size is a compile time constant so the whole division is
>computed by compiler.
I had not thought of that. Yes, that is a nicer check.

Thanks,

Mark
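The two overflow guards discussed in the thread, side by side, as an added example (this is not elfutils code and not Mark's or Alexander's patch). `struct elem`, `alloc_elems` and the helper names are constructed for the example; the real code returns `E_NOMEM`, which is replaced here by a NULL return. Both checks rely on unsigned wrap-around being well defined and on `elem_size` being non-zero, which a `sizeof` always is.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* A made-up element type standing in for whatever the caller
   allocates; 24 bytes on LP64 targets.  (Constructed for this example.) */
struct elem
{
  uint64_t a;
  uint64_t b;
  uint32_t c;
};

/* Return 1 if num * elem_size wraps, using the divide-back test from
   the first message.  Unsigned multiplication wraps modulo SIZE_MAX+1,
   so if the product wrapped, dividing the wrapped value by elem_size
   cannot give num back.  elem_size must be non-zero. */
static int
overflows_divide_back (size_t num, size_t elem_size)
{
  const size_t bytes = num * elem_size;
  return bytes / elem_size != num;
}

/* Return 1 if num * elem_size would wrap, using the precheck suggested
   in the reply.  No multiplication happens at all; with a constant
   elem_size the compiler folds SIZE_MAX / elem_size to a literal, so
   the whole guard is one compare. */
static int
overflows_precheck (size_t num, size_t elem_size)
{
  return num > SIZE_MAX / elem_size;
}

/* Allocate num elements, returning NULL when the byte count would wrap
   instead of handing a tiny, wrapped size to malloc. */
static struct elem *
alloc_elems (size_t num)
{
  const size_t elem_size = sizeof (struct elem);
  if (overflows_precheck (num, elem_size))
    return NULL;
  return malloc (num * elem_size);
}

/* Both checks must agree on every value.  This reports whether they do
   at the boundary: SIZE_MAX / elem_size is the last count that fits,
   the next one is the first that does not.  Requires elem_size >= 2 so
   that last_ok + 1 does not itself wrap. */
static int
checks_agree_at_boundary (size_t elem_size)
{
  const size_t last_ok = SIZE_MAX / elem_size;
  return overflows_divide_back (last_ok, elem_size) == 0
         && overflows_precheck (last_ok, elem_size) == 0
         && overflows_divide_back (last_ok + 1, elem_size) == 1
         && overflows_precheck (last_ok + 1, elem_size) == 1;
}

int
main (void)
{
  const size_t elem_size = sizeof (struct elem);
  const size_t last_ok = SIZE_MAX / elem_size;

  printf ("sizeof (struct elem) = %zu, largest safe count = %zu\n",
          elem_size, last_ok);
  printf ("num = last_ok + 1: divide-back says %d, precheck says %d\n",
          overflows_divide_back (last_ok + 1, elem_size),
          overflows_precheck (last_ok + 1, elem_size));

  struct elem *p = alloc_elems (last_ok + 1);
  printf ("alloc_elems (last_ok + 1) -> %s\n", p ? "non-NULL" : "NULL");
  free (p);

  p = alloc_elems (16);
  printf ("alloc_elems (16) -> %s\n", p ? "non-NULL" : "NULL");
  free (p);
  return 0;
}
```

The divide-back form costs a multiply plus a division at run time (unless the compiler can prove the division away); the precheck form costs one compare when `elem_size` is a constant, which is why the thread settles on it. Either one is enough to keep a huge `num` from collapsing into a small `malloc` and a later out-of-bounds write.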
