Fix overflow caltions bugs in varus memmory functions, Thanks irc : Elrond (from TNG) for fixing calloc overflow bug.

svn path=/trunk/; revision=22196

reactos/lib/crt/stdlib/malloc.c

@@ -36,10 +36,17 @@ extern HANDLE hHeap;
  */
 void* malloc(size_t _size)
 {
+   size_t nSize;
+     
    if ( _size == 0)
        return NULL;
-         
+  
-   return HeapAlloc(hHeap, 0, ROUND_SIZE(_size));
+   nSize = ROUND_SIZE(_size);
+   
+   if (nSize<_size) 
+       return NULL;     
+       
+   return HeapAlloc(hHeap, 0, nSize);
 }
 
 /*
@@ -54,11 +61,14 @@ void free(void* _ptr)
  * @implemented
  */
 void* calloc(size_t _nmemb, size_t _size)
-{
+{   
-   if ( _size == 0)
+   size_t nSize = _nmemb * _size;
-       return NULL;
+   size_t cSize = ROUND_SIZE(nSize);
-          
+      
-   return HeapAlloc(hHeap, HEAP_ZERO_MEMORY, ROUND_SIZE(_nmemb*_size) );
+   if ((_nmemb > ((size_t)-1 / _size)  || (nSize == 0) || (cSize<nSize)) 
+      return NULL;
+               
+   return HeapAlloc(hHeap, HEAP_ZERO_MEMORY, cSize );
 }
 
 /*
@@ -66,11 +76,18 @@ void* calloc(size_t _nmemb, size_t _size)
  */
 void* realloc(void* _ptr, size_t _size)
 {
+   size_t nSize;
+       
    if ( _size == 0)
        return NULL;
-          
+   
+   nSize = ROUND_SIZE(_size);
+   
+   if (nSize<_size)
+       return NULL;
+               
    if (!_ptr) return malloc(_size);
-   if (_size) return HeapReAlloc(hHeap, 0, _ptr, ROUND_SIZE(_size));
+   if (_size) return HeapReAlloc(hHeap, 0, _ptr, nSize);
    free(_ptr);
    return NULL;
 }
@@ -80,10 +97,17 @@ void* realloc(void* _ptr, size_t _size)
  */
 void* _expand(void* _ptr, size_t _size)
 {
+   size_t nSize;
+      
    if ( _size == 0)
        return NULL;
+
+   nSize = ROUND_SIZE(_size);
+   
+   if (nSize<_size)
+       return NULL;
           
-   return HeapReAlloc(hHeap, HEAP_REALLOC_IN_PLACE_ONLY, _ptr, ROUND_SIZE(_size));
+   return HeapReAlloc(hHeap, HEAP_REALLOC_IN_PLACE_ONLY, _ptr, nSize);
 }
 
 /*