[PATCH] Add VSISafeMul2, etc. functions to detect overflows
Reported by: Even Rouault | Owned by: Even Rouault
Severity: normal | Keywords: overflow memory allocation
Cc: warmerdam, Mateusz Łoskot
In GDAL, we frequently do things like VSIMalloc(nXSize * nYSize * sizeof(float)). If nXSize and nYSize are big enough and well chosen, the result can be a moderate value, and VSIMalloc can return a non-NULL pointer. However, the memory buffer will probably be overrun in later operations.
The first patch, gdal_svn_trunk_vsi_safe_mul.patch, adds a new API to do safe multiplications with overflow checking. The second patch uses this new API in gdal/gcore. The third patch uses this new API in gdal/frmts. Note that it only uses the new API at places where VSIMalloc/VSICalloc are already used. Drivers using CPLMalloc/CPLCalloc would crash on big allocations and should be modified to use VSIMalloc/VSICalloc, but that's a much bigger effort.
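
The wrap described in this ticket next to a checked size computation, as an added example that is not GDAL's code and not taken from the attached patches. `checked_mul` and `alloc_raster` are hypothetical names, and the unchecked product is modelled with a 32-bit size type (an assumption) so the wrap is reproducible on 64-bit hosts.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked size computation from the ticket, modelled with a 32-bit
 * size type (assumption) so the wrap also shows on 64-bit hosts. */
static uint32_t unchecked_size32(uint32_t nXSize, uint32_t nYSize)
{
    uint32_t n = nXSize;
    n *= nYSize;                  /* wraps modulo 2^32 */
    n *= (uint32_t)sizeof(float); /* wraps again */
    return n;
}

/* Hypothetical helper, not GDAL's VSISafeMul2: returns 1 and stores
 * a * b in *out when the product fits in size_t, otherwise returns 0. */
static int checked_mul(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return 0;
    *out = a * b;
    return 1;
}

/* Allocate nXSize * nYSize elements of elem_size bytes. Returns NULL when
 * a dimension is negative or the byte count does not fit in size_t. */
static void *alloc_raster(int nXSize, int nYSize, size_t elem_size)
{
    size_t pixels, bytes;
    if (nXSize < 0 || nYSize < 0)
        return NULL;
    if (!checked_mul((size_t)nXSize, (size_t)nYSize, &pixels) ||
        !checked_mul(pixels, elem_size, &bytes))
        return NULL;
    return malloc(bytes ? bytes : 1); /* avoid malloc(0) ambiguity */
}

int main(void)
{
    /* Constructed dimensions: the true size is 2^32 + 2^18 bytes. */
    printf("wrapped request: %u bytes\n",
           (unsigned)unchecked_size32(65536u, 16385u));
    void *p = alloc_raster(2147483647, 2147483647, SIZE_MAX / 2);
    printf("checked allocation: %s\n", p ? "granted" : "refused");
    free(p);
    return 0;
}
```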