Hi, a while ago I committed a patch to trunk adding a function xmallocarray to libgfortran, which is a malloc wrapper like xmalloc but has two arguments and does an overflow check before multiplying them together.
https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=211721 Originally I had no intentions of backporting this functionality to release branches, but subsequently Florian Weimer thought it was important enough to warrant a CVE number (CVE-2014-5044), so after some private discussions with Tobias and Jerry we agreed to backport. http://seclists.org/oss-sec/2014/q3/230 https://gcc.gnu.org/ml/gcc-cvs/2014-07/msg01136.html https://gcc.gnu.org/ml/gcc-cvs/2014-07/msg01135.html -- Janne Blomqvist
