From e65a0950b273876cf34889b47a24f63dce62de6f Mon Sep 17 00:00:00 2001
From: goldsimon <goldsimon@gmx.de>
Date: Tue, 4 Apr 2017 21:52:01 +0200
Subject: [PATCH] mem_calloc: check for mem_size_t overflow when multiplying 2
 mem_size_t input values

---
 src/core/mem.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/core/mem.c b/src/core/mem.c
index db3b7cc5..2dea3e8d 100644
--- a/src/core/mem.c
+++ b/src/core/mem.c
@@ -765,12 +765,18 @@ void *
 mem_calloc(mem_size_t count, mem_size_t size)
 {
   void *p;
+  size_t alloc_size = (size_t)count * (size_t)size;
+
+  if ((size_t)(mem_size_t)alloc_size != alloc_size) {
+    LWIP_DEBUGF(MEM_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("mem_calloc: could not allocate %"SZT_F" bytes\n", alloc_size));
+    return NULL;
+  }
 
   /* allocate 'count' objects of size 'size' */
-  p = mem_malloc(count * size);
+  p = mem_malloc((mem_size_t)alloc_size);
   if (p) {
     /* zero the memory */
-    memset(p, 0, (size_t)count * (size_t)size);
+    memset(p, 0, alloc_size);
   }
   return p;
 }