Bug Summary

File:os/reallocarray.c
Location:line 42, column 9
Description:Call to 'realloc' has an allocation size of 0 bytes

Annotated Source Code

1/* $OpenBSD: reallocarray.c,v 1.2 2014/12/08 03:45:00 bcook Exp $ */
2/*
3 * Copyright (c) 2008 Otto Moerbeek <otto@drijf.net>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#ifdef HAVE_DIX_CONFIG_H1
19#include <dix-config.h>
20#endif
21
22#include <sys/types.h>
23#include <errno(*__error()).h>
24#include <stdint.h>
25#include <stdlib.h>
26#include "os.h"
27
28/*
29 * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
30 * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW
31 */
32#define MUL_NO_OVERFLOW((size_t)1 << (sizeof(size_t) * 4)) ((size_t)1 << (sizeof(size_t) * 4))
33
34void *
35reallocarrayxreallocarray(void *optr, size_t nmemb, size_t size)
36{
37 if ((nmemb >= MUL_NO_OVERFLOW((size_t)1 << (sizeof(size_t) * 4)) || size >= MUL_NO_OVERFLOW((size_t)1 << (sizeof(size_t) * 4))) &&
38 nmemb > 0 && SIZE_MAX18446744073709551615ULL / nmemb < size) {
1
Assuming 'nmemb' is <= 0
39 errno(*__error()) = ENOMEM12;
40 return NULL((void*)0);
41 }
42 return realloc(optr, size * nmemb);
2
Call to 'realloc' has an allocation size of 0 bytes
43}