On Fri, Oct 02, 2015 at 04:17:43PM +0200, Florian Weimer wrote: > On 09/08/2015 11:08 PM, Chih-Hung Hsieh wrote: > > + void *phdrs = malloc (phnum * sizeof (phdr_u)); > > If you change this code anyway, it's sensible to check for integer > overflow in the size computation.
This is now done in a couple of places in the update patch. But it would indeed be nice to do this consistently everywhere we replace a VLA type sizeof allocation with a (n * element size) allocation. Thanks, Mark
