The calloc() C library call is used to dynamically allocate memory. It differs from malloc() in that it allows for allocation of a number of elements of a specified size with one call. Similar language-specific operations exist in various other programming languages. For example, instantiating an array of objects in C++:

    pointer = new SomeClass[n];

When calculating the total amount of memory to allocate, several of these implementations do not check for integer overflow conditions. If the amount of memory requested exceeds the greatest value that can be represented by a machine word, a buffer that is too small may be allocated. Because the overflow is not caught, the procedure returns successfully and the invoking application operates as though the requested buffer has been allocated.

This may have security implications. A heap overrun condition may result if the invoking application attempts to write into the buffer at a location beyond the boundary of what was actually allocated. This vulnerability is of particular importance if the attacker has full or limited control over the arguments to the vulnerable operation.
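The size calculation described above, shown as an added example that is not part of the original advisory or of any vendor's library code: an unchecked element-count multiplication beside a checked one, with a calloc-style wrapper that refuses the request instead of returning an undersized buffer. The function names (unchecked_total, checked_total, safe_calloc) and the input values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* All names here are hypothetical, chosen for this illustration. */

/* Size computation with no overflow check: the product wraps modulo
 * SIZE_MAX + 1, so a huge request can yield a tiny byte count. */
size_t unchecked_total(size_t nmemb, size_t size) {
    return nmemb * size;
}

/* Checked computation: returns 1 and stores the product, or returns 0
 * when nmemb * size cannot be represented in a size_t. */
int checked_total(size_t nmemb, size_t size, size_t *out) {
    if (size != 0 && nmemb > SIZE_MAX / size)
        return 0;
    *out = nmemb * size;
    return 1;
}

/* calloc-style wrapper that fails instead of under-allocating. */
void *safe_calloc(size_t nmemb, size_t size) {
    size_t total;
    if (!checked_total(nmemb, size, &total))
        return NULL;
    void *p = malloc(total ? total : 1);
    if (p != NULL)
        memset(p, 0, total);
    return p;
}

int main(void) {
    /* Constructed input: 16-byte elements, with a count chosen so that
     * the product wraps around to 16 on any size_t width. */
    size_t size = 16, nmemb = SIZE_MAX / 16 + 2;
    size_t total = 0;

    printf("elements requested: %zu\n", nmemb);
    printf("unchecked bytes   : %zu\n", unchecked_total(nmemb, size));
    printf("checked result    : %s\n",
           checked_total(nmemb, size, &total) ? "ok" : "overflow rejected");
    void *p = safe_calloc(nmemb, size);
    printf("safe_calloc       : %s\n", p ? "allocated" : "NULL");
    free(p);
    return 0;
}
```

A caller that received a 16-byte buffer from the unchecked path would still believe it holds room for every requested element, which is the heap overrun condition the text describes.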