On Fri, May 22, 2015 at 10:59:44AM +0200, Jan Engelhardt wrote: > > On Friday 2015-05-22 10:50, Hannes Frederic Sowa wrote: > > > >> + if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && > > > >if ((nmemb|size) >= MUL_NO_OVERFLOW) && ... > > I am sure there are many C tricks one can do, but iptables is > hardly that time-critical to warrant such. The same can be said of ipset, which uses strlcpy and has strlcat in its library. However, those are safer APIs to use. In this particular case, it's safer to use reallocarray(NULL,x,y) rather than malloc(x*y). (Many other less critical software such as m4 have also adopted reallocarray). > The compiler should perhaps learn to do such an optimization > if it does not already. > -- > To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html