On Mon, Feb 15, 2016 at 11:22:12PM -0500, Eric Sunshine wrote:

> On Mon, Feb 15, 2016 at 4:51 PM, Jeff King <peff@xxxxxxxx> wrote:
> > Each of these cases can be converted to use ALLOC_ARRAY or
> > REALLOC_ARRAY, which has two advantages:
> >
> > 1. It automatically checks the array-size multiplication
> > for overflow.
> >
> > 2. It always uses sizeof(*array) for the element-size,
> > so that it can never go out of sync with the declared
> > type of the array.
> >
> > Signed-off-by: Jeff King <peff@xxxxxxxx>
> > ---
> > diff --git a/compat/mingw.c b/compat/mingw.c
> > index 77a51d3..0eabe68 100644
> > --- a/compat/mingw.c
> > +++ b/compat/mingw.c
> > @@ -854,7 +854,7 @@ static char **get_path_split(void)
> > if (!n)
> > return NULL;
> >
> > - path = xmalloc((n+1)*sizeof(char *));
> > + ALLOC_ARRAY(path, n+1);
>
> Elsewhere in this patch, you've reformatted "x+c" as "x + c"; perhaps
> do so here, as well.

Will do. I noticed while going over this before sending it out that it
may also be technically possible for "n+1" to overflow here (and I think
in a few other places in this patch). I don't know how paranoid we want
to be.

-Peff
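
Review bot: In the compat/mingw.c hunk, the count passed as ALLOC_ARRAY(path, n+1) is added by the caller before the macro's multiplication check can see it, so a wrap in n+1 itself would go unnoticed and yield an undersized array. The declaration of n is outside the visible context, so its type and upper bound should be confirmed, or the addition guarded before the call. Spacing the argument as "n + 1" would also match the rest of the patch, as the reply points out.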
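
The two properties described in the commit message, and the "n+1" gap raised in the reply, as an added example that is not part of the original thread or of git's source. The helper alloc_array_bytes(), the macro EXAMPLE_ALLOC_ARRAY and both alloc_plus_one_* functions are hypothetical stand-ins; this sketch returns NULL on overflow, which is an assumption made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins written for this example; not git's definitions. */

/* Allocate nmemb elements of elem_size bytes; NULL if the product overflows. */
static void *alloc_array_bytes(size_t nmemb, size_t elem_size)
{
	if (elem_size && nmemb > SIZE_MAX / elem_size)
		return NULL;
	/* malloc(0) may return NULL; ask for at least one byte */
	return malloc(nmemb * elem_size ? nmemb * elem_size : 1);
}

/* Element size is taken from the pointer, so it follows the declared type. */
#define EXAMPLE_ALLOC_ARRAY(ptr, nmemb) \
	((ptr) = alloc_array_bytes((nmemb), sizeof(*(ptr))))

/* Gap: "n + 1" is evaluated by the caller, before any check can see it. */
static char **alloc_plus_one_unchecked(size_t n)
{
	char **path;
	return EXAMPLE_ALLOC_ARRAY(path, n + 1);
}

/* Closing the gap: reject the addition before it can wrap to zero. */
static char **alloc_plus_one_checked(size_t n)
{
	char **path;
	if (n > SIZE_MAX - 1)
		return NULL;
	return EXAMPLE_ALLOC_ARRAY(path, n + 1);
}

int main(void)
{
	char **p;
	/* Product overflow is caught by the multiplication check. */
	printf("huge count:      %s\n",
	       EXAMPLE_ALLOC_ARRAY(p, SIZE_MAX / 2) ? "allocated" : "rejected");
	/* SIZE_MAX + 1 wraps to 0, so the unchecked form gets a tiny buffer. */
	p = alloc_plus_one_unchecked(SIZE_MAX);
	printf("unchecked n + 1: %s\n", p ? "allocated" : "rejected");
	free(p);
	printf("checked n + 1:   %s\n",
	       alloc_plus_one_checked(SIZE_MAX) ? "allocated" : "rejected");
	return 0;
}
```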