Historically, not quite true. No version of Research UNIX V1 through V7, nor any... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

LukeShu on Dec 5, 2016 | parent | context | favorite | on: Why does calloc exist?

Historically, not quite true.

No version of Research UNIX V1 through V7, nor any of BSD 1, 2, 3, 4, or 4.4 did overflow checking. They all just did `m * n` or `m *= n`.

jcranmer on Dec 5, 2016 [–]

If you look through the history of CVEs, you'll find that pretty much every implementation of calloc or a calloc-like function starts with m * n and ends up only changing after someone points out the security flaw.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact