[malloc] Guard against unsigned integer overflow
author Michael Brown <mcb30@ipxe.org>
Sat, 6 Feb 2016 10:20:57 +0000 (10:20 +0000)
committer Michael Brown <mcb30@ipxe.org>
Sat, 6 Feb 2016 10:47:45 +0000 (10:47 +0000)
commit e2b1140486e6d5da756d64ae5fc051b79664c6d6
tree 7faa50761bab74dde05e17212cfff9748a8d041c
parent 17a200257ac76f775565e33c22e18fc23d74c79b
[malloc] Guard against unsigned integer overflow

Commit f3fbb5f ("[malloc] Avoid integer overflow for excessively large
memory allocations") fixed signed integer overflow issues caused by
the use of ssize_t, but did not guard against unsigned integer
overflow.

Add explicit checks for unsigned integer overflow where needed.  As a
side bonus, erroneous calls to malloc_dma() with an (illegal) size of
zero will now fail cleanly.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
src/core/malloc.c
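
The kind of unsigned wrap the commit message describes, as an added example that is not code from this commit or from iPXE: an allocator that adds a header and rounds the request up to a block size, shown unchecked and with explicit guards. The names `MIN_BLOCK`, `HDR_SIZE` and all three functions are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical allocator parameters (not taken from the commit). */
#define MIN_BLOCK ((size_t)16)  /* block granularity, power of two */
#define HDR_SIZE  ((size_t)8)   /* per-allocation size header */

/* Unchecked: header addition and rounding both wrap silently. */
static size_t block_size_unchecked(size_t size)
{
	return (size + HDR_SIZE + MIN_BLOCK - 1) & ~(MIN_BLOCK - 1);
}

/* Round a raw request up to MIN_BLOCK. Returns 0 on success, -1 if
 * size is zero or the rounding wrapped. */
static int raw_size_checked(size_t size, size_t *actual)
{
	size_t rounded = (size + MIN_BLOCK - 1) & ~(MIN_BLOCK - 1);

	/* A wrapped sum is below MIN_BLOCK - 1, so masking yields zero:
	 * one test covers both the zero request and the overflow. */
	if (rounded == 0)
		return -1;
	*actual = rounded;
	return 0;
}

/* Add the header, then round. Returns 0 on success, -1 on overflow. */
static int block_size_checked(size_t size, size_t *actual)
{
	size_t total = size + HDR_SIZE;

	if (total < size)	/* unsigned wrap on the header addition */
		return -1;
	return raw_size_checked(total, actual);
}

int main(void)
{
	size_t huge = SIZE_MAX - 3, out = 0;

	printf("unchecked(%zu) = %zu\n", huge, block_size_unchecked(huge));
	printf("checked(huge) = %d\n", block_size_checked(huge, &out));
	printf("raw(0) = %d\n", raw_size_checked(0, &out));
	return 0;
}
```

The unchecked path turns a request of nearly `SIZE_MAX` bytes into a 16-byte block, which is the condition a caller would then write past; the checked path fails the request instead.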