calloc: Make sure we always have an overflow-checking calloc() available

This tries to make sure that everywhere in this source tree, we always have
an appropriate version of calloc() (i.e. grub_calloc(), xcalloc(), etc.)
available, and that they all safely check for overflow and return NULL when
it would occur.

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

Patch-Name: safe-alloc-2.patch

grub-core/kern/emu/misc.c

@@ -85,6 +85,18 @@ grub_util_error (const char *fmt, ...)
   exit (1);
 }
 
+void *
+xcalloc (grub_size_t nmemb, grub_size_t size)
+{
+  void *p;
+
+  p = calloc (nmemb, size);
+  if (!p)
+    grub_util_error ("%s", _("out of memory"));
+
+  return p;
+}
+
 void *
 xmalloc (grub_size_t size)
 {

grub-core/kern/emu/mm.c

@@ -25,6 +25,16 @@
 #include <string.h>
 #include <grub/i18n.h>
 
+void *
+grub_calloc (grub_size_t nmemb, grub_size_t size)
+{
+  void *ret;
+  ret = calloc (nmemb, size);
+  if (!ret)
+    grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
+  return ret;
+}
+
 void *
 grub_malloc (grub_size_t size)
 {

grub-core/kern/mm.c

@@ -67,8 +67,10 @@
 #include <grub/dl.h>
 #include <grub/i18n.h>
 #include <grub/mm_private.h>
+#include <grub/safemath.h>
 
 #ifdef MM_DEBUG
+# undef grub_calloc
 # undef grub_malloc
 # undef grub_zalloc
 # undef grub_realloc
@@ -375,6 +377,30 @@ grub_memalign (grub_size_t align, grub_size_t size)
   return 0;
 }
 
+/*
+ * Allocate NMEMB instances of SIZE bytes and return the pointer, or error on
+ * integer overflow.
+ */
+void *
+grub_calloc (grub_size_t nmemb, grub_size_t size)
+{
+  void *ret;
+  grub_size_t sz = 0;
+
+  if (grub_mul (nmemb, size, &sz))
+    {
+      grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
+      return NULL;
+    }
+
+  ret = grub_memalign (0, sz);
+  if (!ret)
+    return NULL;
+
+  grub_memset (ret, 0, sz);
+  return ret;
+}
+
 /* Allocate SIZE bytes and return the pointer.  */
 void *
 grub_malloc (grub_size_t size)
@@ -561,6 +587,20 @@ grub_mm_dump (unsigned lineno)
   grub_printf ("\n");
 }
 
+void *
+grub_debug_calloc (const char *file, int line, grub_size_t nmemb, grub_size_t size)
+{
+  void *ptr;
+
+  if (grub_mm_debug)
+    grub_printf ("%s:%d: calloc (0x%" PRIxGRUB_SIZE ", 0x%" PRIxGRUB_SIZE ") = ",
+		 file, line, size);
+  ptr = grub_calloc (nmemb, size);
+  if (grub_mm_debug)
+    grub_printf ("%p\n", ptr);
+  return ptr;
+}
+
 void *
 grub_debug_malloc (const char *file, int line, grub_size_t size)
 {

grub-core/lib/libgcrypt_wrap/mem.c

@@ -4,6 +4,7 @@
 #include <grub/crypto.h>
 #include <grub/dl.h>
 #include <grub/env.h>
+#include <grub/safemath.h>
 
 GRUB_MOD_LICENSE ("GPLv3+");
 
@@ -36,7 +37,10 @@ void *
 gcry_xcalloc (size_t n, size_t m)
 {
   void *ret;
-  ret = grub_zalloc (n * m);
+  size_t sz;
+  if (grub_mul (n, m, &sz))
+    grub_fatal ("gcry_xcalloc would overflow");
+  ret = grub_zalloc (sz);
   if (!ret)
     grub_fatal ("gcry_xcalloc failed");
   return ret;
@@ -56,7 +60,10 @@ void *
 gcry_xcalloc_secure (size_t n, size_t m)
 {
   void *ret;
-  ret = grub_zalloc (n * m);
+  size_t sz;
+  if (grub_mul (n, m, &sz))
+    grub_fatal ("gcry_xcalloc would overflow");
+  ret = grub_zalloc (sz);
   if (!ret)
     grub_fatal ("gcry_xcalloc failed");
   return ret;

grub-core/lib/posix_wrap/stdlib.h

@@ -21,6 +21,7 @@
 
 #include <grub/mm.h>
 #include <grub/misc.h>
+#include <grub/safemath.h>
 
 static inline void 
 free (void *ptr)
@@ -37,7 +38,12 @@ malloc (grub_size_t size)
 static inline void *
 calloc (grub_size_t size, grub_size_t nelem)
 {
-  return grub_zalloc (size * nelem);
+  grub_size_t sz;
+
+  if (grub_mul (size, nelem, &sz))
+    return NULL;
+
+  return grub_zalloc (sz);
 }
 
 static inline void *

include/grub/emu/misc.h

@@ -47,6 +47,7 @@ grub_util_device_is_mapped (const char *dev);
 #define GRUB_HOST_PRIuLONG_LONG "llu"
 #define GRUB_HOST_PRIxLONG_LONG "llx"
 
+void * EXPORT_FUNC(xcalloc) (grub_size_t nmemb, grub_size_t size) WARN_UNUSED_RESULT;
 void * EXPORT_FUNC(xmalloc) (grub_size_t size) WARN_UNUSED_RESULT;
 void * EXPORT_FUNC(xrealloc) (void *ptr, grub_size_t size) WARN_UNUSED_RESULT;
 char * EXPORT_FUNC(xstrdup) (const char *str) WARN_UNUSED_RESULT;

include/grub/mm.h

@@ -29,6 +29,7 @@
 #endif
 
 void grub_mm_init_region (void *addr, grub_size_t size);
+void *EXPORT_FUNC(grub_calloc) (grub_size_t nmemb, grub_size_t size);
 void *EXPORT_FUNC(grub_malloc) (grub_size_t size);
 void *EXPORT_FUNC(grub_zalloc) (grub_size_t size);
 void EXPORT_FUNC(grub_free) (void *ptr);
@@ -48,6 +49,9 @@ extern int EXPORT_VAR(grub_mm_debug);
 void grub_mm_dump_free (void);
 void grub_mm_dump (unsigned lineno);
 
+#define grub_calloc(nmemb, size)	\
+  grub_debug_calloc (GRUB_FILE, __LINE__, nmemb, size)
+
 #define grub_malloc(size)	\
   grub_debug_malloc (GRUB_FILE, __LINE__, size)
 
@@ -63,6 +67,8 @@ void grub_mm_dump (unsigned lineno);
 #define grub_free(ptr)	\
   grub_debug_free (GRUB_FILE, __LINE__, ptr)
 
+void *EXPORT_FUNC(grub_debug_calloc) (const char *file, int line,
+				      grub_size_t nmemb, grub_size_t size);
 void *EXPORT_FUNC(grub_debug_malloc) (const char *file, int line,
 				      grub_size_t size);
 void *EXPORT_FUNC(grub_debug_zalloc) (const char *file, int line,