From 842f583b6b51c5c3e8fefb73d41705091cdd4021 Mon Sep 17 00:00:00 2001
From: Walter Bright
Date: Mon, 25 Jul 2016 16:25:07 -0700
Subject: [PATCH] std.array: check for overflow on allocation sizes
---
 std/array.d | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/std/array.d b/std/array.d
index 6de97a4ac..5ad3e6a16 100644
--- a/std/array.d
+++ b/std/array.d
@@ -629,9 +629,15 @@ private auto arrayAllocImpl(bool minimallyInitialized, T, I...)(I sizes) nothrow
 {
 import core.stdc.string : memset;
 import core.memory : GC;
- auto ptr = cast(E*) GC.malloc(sizes[0] * E.sizeof, blockAttribute!E);
+
+ import core.checkedint : mulu;
+ bool overflow;
+ const nbytes = mulu(size, E.sizeof, overflow);
+ if (overflow) assert(0);
+
+ auto ptr = cast(E*) GC.malloc(nbytes, blockAttribute!E);
 static if (minimallyInitialized && hasIndirections!E)
- memset(ptr, 0, size * E.sizeof);
+ memset(ptr, 0, nbytes);
 ret = ptr[0 .. size];
 }
 }
@@ -2773,8 +2779,14 @@ if (isDynamicArray!A)
 }
 }
+ // didn't work, must reallocate
- auto bi = GC.qalloc(newlen * T.sizeof, blockAttribute!T);
+ import core.checkedint : mulu;
+ bool overflow;
+ const nbytes = mulu(newlen, T.sizeof, overflow);
+ if (overflow) assert(0);
+
+ auto bi = GC.qalloc(nbytes, blockAttribute!T);
 _data.capacity = bi.size / T.sizeof;
 import core.stdc.string : memcpy;
 if (len)
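Review bot: In the arrayAllocImpl hunk, `if (overflow) assert(0);` halts without saying why, so a crash gives no hint that an element count times `E.sizeof` wrapped; `if (overflow) assert(0, "std.array: allocation size overflows size_t");` keeps the halt and names the cause where assert messages are compiled in. The same four lines appear again in the GC.qalloc hunk at -2773, so the message (or a small private helper wrapping the `mulu` call) applies there too. A one-line comment such as `// assert(0) rather than throw: this function is nothrow, and a wrapped size must never reach GC.malloc` would record why the check aborts. The function body starts and ends outside the hunk, so the type of `size` is not visible here; the check presumes it is unsigned by the time it reaches `mulu`.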
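Review bot: In the hunk at -2773, the new `mulu` check guards only the reallocation path after `// didn't work, must reallocate`; the earlier attempt and the computation of `newlen` lie outside the hunk and are not covered by anything visible here. If that earlier path also multiplies an element count by `T.sizeof`, or if `newlen` comes from an unchecked addition, the value can wrap before this check sees it. That is worth confirming, and if so `nbytes` should be computed with `mulu` before its first use and reused. The `if (len)` copy that follows is cut off at the end of the hunk; it is presumably bounded by the checked `nbytes`, but that is not shown.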