calloc: Use calloc() at most places

This modifies most of the places we do some form of:

  X = malloc(Y * Z);

to use calloc(Y, Z) instead.

Among other issues, this fixes:
  - allocation of integer overflow in grub_png_decode_image_header()
    reported by Chris Coulson,
  - allocation of integer overflow in luks_recover_key()
    reported by Chris Coulson,
  - allocation of integer overflow in grub_lvm_detect()
    reported by Chris Coulson.

Fixes: CVE-2020-14308

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

grub-core/normal/charset.c

@@ -203,7 +203,7 @@ grub_utf8_to_ucs4_alloc (const char *msg, grub_uint32_t **unicode_msg,
 {
   grub_size_t msg_len = grub_strlen (msg);
 
-  *unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t));
+  *unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t));
  
   if (!*unicode_msg)
     return -1;
@@ -488,7 +488,7 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen,
 	    }
 	  else
 	    {
-	      n = grub_malloc (sizeof (n[0]) * (out->ncomb + 1));
+	      n = grub_calloc (out->ncomb + 1, sizeof (n[0]));
 	      if (!n)
 		{
 		  grub_errno = GRUB_ERR_NONE;
@@ -842,7 +842,7 @@ grub_bidi_line_logical_to_visual (const grub_uint32_t *logical,
       }							\
   }
 
-  visual = grub_malloc (sizeof (visual[0]) * logical_len);
+  visual = grub_calloc (logical_len, sizeof (visual[0]));
   if (!visual)
     return -1;
 
@@ -1165,8 +1165,8 @@ grub_bidi_logical_to_visual (const grub_uint32_t *logical,
 {
   const grub_uint32_t *line_start = logical, *ptr;
   struct grub_unicode_glyph *visual_ptr;
-  *visual_out = visual_ptr = grub_malloc (3 * sizeof (visual_ptr[0])
-					  * (logical_len + 2));
+  *visual_out = visual_ptr = grub_calloc (logical_len + 2,
+					  3 * sizeof (visual_ptr[0]));
   if (!visual_ptr)
     return -1;
   for (ptr = logical; ptr <= logical + logical_len; ptr++)

grub-core/normal/cmdline.c

@@ -41,7 +41,7 @@ grub_err_t
 grub_set_history (int newsize)
 {
   grub_uint32_t **old_hist_lines = hist_lines;
-  hist_lines = grub_malloc (sizeof (grub_uint32_t *) * newsize);
+  hist_lines = grub_calloc (newsize, sizeof (grub_uint32_t *));
 
   /* Copy the old lines into the new buffer.  */
   if (old_hist_lines)
@@ -114,7 +114,7 @@ static void
 grub_history_set (int pos, grub_uint32_t *s, grub_size_t len)
 {
   grub_free (hist_lines[pos]);
-  hist_lines[pos] = grub_malloc ((len + 1) * sizeof (grub_uint32_t));
+  hist_lines[pos] = grub_calloc (len + 1, sizeof (grub_uint32_t));
   if (!hist_lines[pos])
     {
       grub_print_error ();
@@ -349,7 +349,7 @@ grub_cmdline_get (const char *prompt_translated)
   char *ret;
   unsigned nterms;
 
-  buf = grub_malloc (max_len * sizeof (grub_uint32_t));
+  buf = grub_calloc (max_len, sizeof (grub_uint32_t));
   if (!buf)
     return 0;
 
@@ -377,7 +377,7 @@ grub_cmdline_get (const char *prompt_translated)
     FOR_ACTIVE_TERM_OUTPUTS(cur)
       nterms++;
 
-    cl_terms = grub_malloc (sizeof (cl_terms[0]) * nterms);
+    cl_terms = grub_calloc (nterms, sizeof (cl_terms[0]));
     if (!cl_terms)
       {
 	grub_free (buf);
@@ -385,7 +385,7 @@ grub_cmdline_get (const char *prompt_translated)
       }
     cl_term_cur = cl_terms;
 
-    unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t));
+    unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t));
     if (!unicode_msg)
       {
 	grub_free (buf);
@@ -495,7 +495,7 @@ grub_cmdline_get (const char *prompt_translated)
 		grub_uint32_t *insert;
 
 		insertlen = grub_strlen (insertu8);
-		insert = grub_malloc ((insertlen + 1) * sizeof (grub_uint32_t));
+		insert = grub_calloc (insertlen + 1, sizeof (grub_uint32_t));
 		if (!insert)
 		  {
 		    grub_free (insertu8);
@@ -602,7 +602,7 @@ grub_cmdline_get (const char *prompt_translated)
 
 	      grub_free (kill_buf);
 
-	      kill_buf = grub_malloc ((n + 1) * sizeof(grub_uint32_t));
+	      kill_buf = grub_calloc (n + 1, sizeof (grub_uint32_t));
 	      if (grub_errno)
 		{
 		  grub_print_error ();

grub-core/normal/menu_entry.c

@@ -95,8 +95,8 @@ init_line (struct screen *screen, struct line *linep)
 {
   linep->len = 0;
   linep->max_len = 80;
-  linep->buf = grub_malloc ((linep->max_len + 1) * sizeof (linep->buf[0]));
-  linep->pos = grub_zalloc (screen->nterms * sizeof (linep->pos[0]));
+  linep->buf = grub_calloc (linep->max_len + 1, sizeof (linep->buf[0]));
+  linep->pos = grub_calloc (screen->nterms, sizeof (linep->pos[0]));
   if (! linep->buf || !linep->pos)
     {
       grub_free (linep->buf);
@@ -287,7 +287,7 @@ update_screen (struct screen *screen, struct per_term_screen *term_screen,
 	  pos = linep->pos + (term_screen - screen->terms);
 
 	  if (!*pos)
-	    *pos = grub_zalloc ((linep->len + 1) * sizeof (**pos));
+	    *pos = grub_calloc (linep->len + 1, sizeof (**pos));
 
 	  if (i == region_start || linep == screen->lines + screen->line
 	      || (i > region_start && mode == ALL_LINES))
@@ -471,7 +471,7 @@ insert_string (struct screen *screen, const char *s, int update)
 
 	  /* Insert the string.  */
 	  current_linep = screen->lines + screen->line;
-	  unicode_msg = grub_malloc ((p - s) * sizeof (grub_uint32_t));
+	  unicode_msg = grub_calloc (p - s, sizeof (grub_uint32_t));
 
 	  if (!unicode_msg)
 	    return 0;
@@ -1023,7 +1023,7 @@ complete (struct screen *screen, int continuous, int update)
   if (completion_buffer.buf)
     {
       buflen = grub_strlen (completion_buffer.buf);
-      ucs4 = grub_malloc (sizeof (grub_uint32_t) * (buflen + 1));
+      ucs4 = grub_calloc (buflen + 1, sizeof (grub_uint32_t));
       
       if (!ucs4)
 	{
@@ -1268,7 +1268,7 @@ grub_menu_entry_run (grub_menu_entry_t entry)
   for (i = 0; i < (unsigned) screen->num_lines; i++)
     {
       grub_free (screen->lines[i].pos);
-      screen->lines[i].pos = grub_zalloc (screen->nterms * sizeof (screen->lines[i].pos[0]));
+      screen->lines[i].pos = grub_calloc (screen->nterms, sizeof (screen->lines[i].pos[0]));
       if (! screen->lines[i].pos)
 	{
 	  grub_print_error ();
@@ -1278,7 +1278,7 @@ grub_menu_entry_run (grub_menu_entry_t entry)
 	}
     }
 
-  screen->terms = grub_zalloc (screen->nterms * sizeof (screen->terms[0]));
+  screen->terms = grub_calloc (screen->nterms, sizeof (screen->terms[0]));
   if (!screen->terms)
     {
       grub_print_error ();

grub-core/normal/menu_text.c

@@ -78,7 +78,7 @@ grub_print_message_indented_real (const char *msg, int margin_left,
   grub_size_t msg_len = grub_strlen (msg) + 2;
   int ret = 0;
 
-  unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t));
+  unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t));
  
   if (!unicode_msg)
     return 0;
@@ -211,7 +211,7 @@ print_entry (int y, int highlight, grub_menu_entry_t entry,
 
   title = entry ? entry->title : "";
   title_len = grub_strlen (title);
-  unicode_title = grub_malloc (title_len * sizeof (*unicode_title));
+  unicode_title = grub_calloc (title_len, sizeof (*unicode_title));
   if (! unicode_title)
     /* XXX How to show this error?  */
     return;

grub-core/normal/term.c

@@ -264,7 +264,7 @@ grub_term_save_pos (void)
   FOR_ACTIVE_TERM_OUTPUTS(cur)
     cnt++;
 
-  ret = grub_malloc (cnt * sizeof (ret[0]));
+  ret = grub_calloc (cnt, sizeof (ret[0]));
   if (!ret)
     return NULL;
 
@@ -1013,7 +1013,7 @@ grub_xnputs (const char *str, grub_size_t msg_len)
 
   grub_error_push ();
 
-  unicode_str = grub_malloc (msg_len * sizeof (grub_uint32_t));
+  unicode_str = grub_calloc (msg_len, sizeof (grub_uint32_t));
  
   grub_error_pop ();