calloc: Use calloc() at most places

This modifies most of the places we do some form of:

  X = malloc(Y * Z);

to use calloc(Y, Z) instead.

Among other issues, this fixes:
  - allocation of integer overflow in grub_png_decode_image_header()
    reported by Chris Coulson,
  - allocation of integer overflow in luks_recover_key()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_lvm_detect()
    reported by Chris Coulson.

Fixes: CVE-2020-14308

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

grub-core/commands/efi/lsefisystab.c

@@ -73,7 +73,8 @@ grub_cmd_lsefisystab (struct grub_command *cmd __attribute__ ((unused)),
     grub_printf ("Vendor: ");
     
     for (vendor_utf16 = st->firmware_vendor; *vendor_utf16; vendor_utf16++);
-    vendor = grub_malloc (4 * (vendor_utf16 - st->firmware_vendor) + 1);
+    /* Allocate extra 3 bytes to simplify math. */
+    vendor = grub_calloc (4, vendor_utf16 - st->firmware_vendor + 1);
     if (!vendor)
       return grub_errno;
     *grub_utf16_to_utf8 ((grub_uint8_t *) vendor, st->firmware_vendor,

grub-core/commands/legacycfg.c

@@ -314,7 +314,7 @@ grub_cmd_legacy_kernel (struct grub_command *mycmd __attribute__ ((unused)),
   if (argc < 2)
     return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
 
-  cutargs = grub_malloc (sizeof (cutargs[0]) * (argc - 1));
+  cutargs = grub_calloc (argc - 1, sizeof (cutargs[0]));
   if (!cutargs)
     return grub_errno;
   cutargc = argc - 1;
@@ -436,7 +436,7 @@ grub_cmd_legacy_kernel (struct grub_command *mycmd __attribute__ ((unused)),
 	    {
 	      char rbuf[3] = "-r";
 	      bsdargc = cutargc + 2;
-	      bsdargs = grub_malloc (sizeof (bsdargs[0]) * bsdargc);
+	      bsdargs = grub_calloc (bsdargc, sizeof (bsdargs[0]));
 	      if (!bsdargs)
 		{
 		  err = grub_errno;
@@ -559,7 +559,7 @@ grub_cmd_legacy_initrdnounzip (struct grub_command *mycmd __attribute__ ((unused
 	return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("can't find command `%s'"),
 			   "module");
 
-      newargs = grub_malloc ((argc + 1) * sizeof (newargs[0]));
+      newargs = grub_calloc (argc + 1, sizeof (newargs[0]));
       if (!newargs)
 	return grub_errno;
       grub_memcpy (newargs + 1, args, argc * sizeof (newargs[0]));

grub-core/commands/menuentry.c

@@ -154,7 +154,7 @@ grub_normal_add_menu_entry (int argc, const char **args,
     goto fail;
 
   /* Save argc, args to pass as parameters to block arg later. */
-  menu_args = grub_malloc (sizeof (char*) * (argc + 1));
+  menu_args = grub_calloc (argc + 1, sizeof (char *));
   if (! menu_args)
     goto fail;
 

grub-core/commands/nativedisk.c

@@ -195,7 +195,7 @@ grub_cmd_nativedisk (grub_command_t cmd __attribute__ ((unused)),
   else
     path_prefix = prefix;
 
-  mods = grub_malloc (argc * sizeof (mods[0]));
+  mods = grub_calloc (argc, sizeof (mods[0]));
   if (!mods)
     return grub_errno;
 

grub-core/commands/parttool.c

@@ -59,7 +59,13 @@ grub_parttool_register(const char *part_name,
   for (nargs = 0; args[nargs].name != 0; nargs++);
   cur->nargs = nargs;
   cur->args = (struct grub_parttool_argdesc *)
-    grub_malloc ((nargs + 1) * sizeof (struct grub_parttool_argdesc));
+    grub_calloc (nargs + 1, sizeof (struct grub_parttool_argdesc));
+  if (!cur->args)
+    {
+      grub_free (cur);
+      curhandle--;
+      return -1;
+    }
   grub_memcpy (cur->args, args,
 	       (nargs + 1) * sizeof (struct grub_parttool_argdesc));
 
@@ -257,7 +263,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)),
 	return err;
       }
 
-  parsed = (int *) grub_zalloc (argc * sizeof (int));
+  parsed = (int *) grub_calloc (argc, sizeof (int));
 
   for (i = 1; i < argc; i++)
     if (! parsed[i])
@@ -290,7 +296,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)),
 	  }
 	ptool = cur;
 	pargs = (struct grub_parttool_args *)
-	  grub_zalloc (ptool->nargs * sizeof (struct grub_parttool_args));
+	  grub_calloc (ptool->nargs, sizeof (struct grub_parttool_args));
 	for (j = i; j < argc; j++)
 	  if (! parsed[j])
 	    {

grub-core/commands/regexp.c

@@ -116,7 +116,7 @@ grub_cmd_regexp (grub_extcmd_context_t ctxt, int argc, char **args)
   if (ret)
     goto fail;
 
-  matches = grub_zalloc (sizeof (*matches) * (regex.re_nsub + 1));
+  matches = grub_calloc (regex.re_nsub + 1, sizeof (*matches));
   if (! matches)
     goto fail;
 

grub-core/commands/search_wrap.c

@@ -122,7 +122,7 @@ grub_cmd_search (grub_extcmd_context_t ctxt, int argc, char **args)
     for (i = 0; state[SEARCH_HINT_BAREMETAL].args[i]; i++)
       nhints++;
 
-  hints = grub_malloc (sizeof (hints[0]) * nhints);
+  hints = grub_calloc (nhints, sizeof (hints[0]));
   if (!hints)
     return grub_errno;
   j = 0;