dovecot · uwezkhan · Apr 21, 2026 · Apr 21, 2026
diff --git a/src/lib/array.c b/src/lib/array.c
@@ -8,24 +8,24 @@ void *
 array_idx_modifiable_i(const struct array *array, unsigned int idx)
 {
 	i_assert(idx < array->buffer->used / array->element_size);
-	return PTR_OFFSET(array->buffer->data, idx * array->element_size);
+	return PTR_OFFSET(array->buffer->data, MALLOC_MULTIPLY(idx, array->element_size));
 }
 
 void *array_idx_get_space_i(struct array *array, unsigned int idx)
 {
-	return buffer_get_space_unsafe(array->buffer, idx * array->element_size,
+	return buffer_get_space_unsafe(array->buffer, MALLOC_MULTIPLY(idx, array->element_size),
 				       array->element_size);
 }
 
 void array_idx_set_i(struct array *array, unsigned int idx, const void *data)
 {
-	buffer_write(array->buffer, idx * array->element_size,
+	buffer_write(array->buffer, MALLOC_MULTIPLY(idx, array->element_size),
 		     data, array->element_size);
 }
 
 void array_idx_clear_i(struct array *array, unsigned int idx)
 {
-	buffer_write_zero(array->buffer, idx * array->element_size,
+	buffer_write_zero(array->buffer, MALLOC_MULTIPLY(idx, array->element_size),
 			  array->element_size);
 }
 
@@ -34,8 +34,8 @@ void *array_insert_space_i(struct array *array, unsigned int idx)
 	void *data;
 	size_t pos;
 
-	pos = idx * array->element_size;
-	buffer_copy(array->buffer, pos + array->element_size,
+	pos = MALLOC_MULTIPLY(idx, array->element_size);
+	buffer_copy(array->buffer, MALLOC_ADD(pos, array->element_size),
 		    array->buffer, pos, SIZE_MAX);
 
 	data = buffer_get_space_unsafe(array->buffer, pos, array->element_size);

diff --git a/src/lib/array.h b/src/lib/array.h
@@ -145,7 +145,7 @@ array_create_i(struct array *array, pool_t pool,
 {
 	buffer_t *buffer;
 
-	buffer = buffer_create_dynamic_max(pool, init_count * element_size,
+	buffer = buffer_create_dynamic_max(pool, MALLOC_MULTIPLY(init_count, element_size),
 		SIZE_MAX / element_size < UINT_MAX ? SIZE_MAX :
 		UINT_MAX * element_size);
 	array_create_from_buffer_i(array, buffer, element_size);
@@ -209,7 +209,7 @@ array_count_i(const struct array *array)
 static inline void
 array_append_i(struct array *array, const void *data, unsigned int count)
 {
-	buffer_append(array->buffer, data, count * array->element_size);
+	buffer_append_array(array->buffer, data, count, array->element_size);
 }
 
 #define array_append(array, data, count) \
@@ -230,8 +230,9 @@ static inline void
 array_insert_i(struct array *array, unsigned int idx,
 	       const void *data, unsigned int count)
 {
-	buffer_insert(array->buffer, idx * array->element_size,
-		      data, count * array->element_size);
+	buffer_insert_array(array->buffer,
+			    MALLOC_MULTIPLY(idx, array->element_size),
+			    data, count, array->element_size);
 }
 
 #define array_insert(array, idx, data, count) \
@@ -241,8 +242,8 @@ array_insert_i(struct array *array, unsigned int idx,
 static inline void
 array_delete_i(struct array *array, unsigned int idx, unsigned int count)
 {
-	buffer_delete(array->buffer, idx * array->element_size,
-		      count * array->element_size);
+	buffer_delete(array->buffer, MALLOC_MULTIPLY(idx, array->element_size),
+		      MALLOC_MULTIPLY(count, array->element_size));
 }
 #define array_delete(array, idx, count) \
 	array_delete_i(&(array)->arr, idx, count)
@@ -273,7 +274,7 @@ static inline const void * ATTR_PURE
 array_idx_i(const struct array *array, unsigned int idx)
 {
 	i_assert(idx < array->buffer->used / array->element_size);
-	return CONST_PTR_OFFSET(array->buffer->data, idx * array->element_size);
+	return CONST_PTR_OFFSET(array->buffer->data, MALLOC_MULTIPLY(idx, array->element_size));
 }
 
 #define array_front(array) array_idx(array, 0)
@@ -353,9 +354,9 @@ array_copy(struct array *dest, unsigned int dest_idx,
 {
 	i_assert(dest->element_size == src->element_size);
 
-	buffer_copy(dest->buffer, dest_idx * dest->element_size,
-		    src->buffer, src_idx * src->element_size,
-		    count * dest->element_size);
+	buffer_copy(dest->buffer, MALLOC_MULTIPLY(dest_idx, dest->element_size),
+		    src->buffer, MALLOC_MULTIPLY(src_idx, src->element_size),
+		    MALLOC_MULTIPLY(count, dest->element_size));
 }
 
 bool array_cmp_i(const struct array *array1,

diff --git a/src/lib/buffer.c b/src/lib/buffer.c
@@ -246,6 +246,12 @@ void buffer_write(buffer_t *_buf, size_t pos,
 		memcpy(buf->w_buffer + pos, data, data_size);
 }
 
+void buffer_write_array(buffer_t *buf, size_t pos,
+			const void *data, size_t count, size_t size)
+{
+	buffer_write(buf, pos, data, MALLOC_MULTIPLY(count, size));
+}
+
 void buffer_append(buffer_t *_buf, const void *data, size_t data_size)
 {
 	struct real_buffer *buf = container_of(_buf, struct real_buffer, buf);
@@ -257,6 +263,12 @@ void buffer_append(buffer_t *_buf, const void *data, size_t data_size)
 	}
 }
 
+void buffer_append_array(buffer_t *buf, const void *data,
+			 size_t count, size_t size)
+{
+	buffer_append(buf, data, MALLOC_MULTIPLY(count, size));
+}
+
 void buffer_append_c(buffer_t *_buf, unsigned char chr)
 {
 	struct real_buffer *buf = container_of(_buf, struct real_buffer, buf);
@@ -279,6 +291,12 @@ void buffer_insert(buffer_t *_buf, size_t pos,
 	}
 }
 
+void buffer_insert_array(buffer_t *buf, size_t pos,
+			 const void *data, size_t count, size_t size)
+{
+	buffer_insert(buf, pos, data, MALLOC_MULTIPLY(count, size));
+}
+
 void buffer_delete(buffer_t *_buf, size_t pos, size_t size)
 {
 	struct real_buffer *buf = container_of(_buf, struct real_buffer, buf);

diff --git a/src/lib/buffer.h b/src/lib/buffer.h
@@ -61,15 +61,21 @@ pool_t buffer_get_pool(const buffer_t *buf) ATTR_PURE;
    current size, it is zero-filled up to that point (even if data_size==0). */
 void buffer_write(buffer_t *buf, size_t pos,
 		  const void *data, size_t data_size);
+void buffer_write_array(buffer_t *buf, size_t pos,
+			const void *data, size_t count, size_t size);
 /* Append data to buffer. */
 void buffer_append(buffer_t *buf, const void *data, size_t data_size);
+void buffer_append_array(buffer_t *buf, const void *data,
+			 size_t count, size_t size);
 /* Append character to buffer. */
 void buffer_append_c(buffer_t *buf, unsigned char chr);
 
 /* Insert the provided data into the buffer at position pos. If pos points past
    the current buffer size, the gap is zero-filled. */
 void buffer_insert(buffer_t *buf, size_t pos,
 		   const void *data, size_t data_size);
+void buffer_insert_array(buffer_t *buf, size_t pos,
+			 const void *data, size_t count, size_t size);
 /* Delete data with the indicated size from the buffer at position pos. The
    deleted block may cross the current buffer size boundary, which is ignored.
  */

diff --git a/src/lib/imem.c b/src/lib/imem.c
@@ -11,6 +11,19 @@ void *i_malloc(size_t size)
 
 void *i_realloc(void *mem, size_t old_size, size_t new_size)
 {
+	i_assert(old_size < SIZE_MAX);
+	i_assert(new_size < SIZE_MAX);
+
+	if (old_size == new_size)
+		return mem;
+
+	if (old_size != 0 && new_size == 0)
+		i_panic("Trying to reallocate %zu -> %zu bytes",
+			old_size, new_size);
+
+	if (mem == NULL)
+		return i_malloc(new_size);
+
 	return p_realloc(default_pool, mem, old_size, new_size);
 }
 

diff --git a/src/lib/strescape.c b/src/lib/strescape.c
@@ -306,7 +306,7 @@ static char **p_strsplit_tabescaped_inplace(pool_t pool, char *data)
 	size_t array_size = MALLOC_MULTIPLY(sizeof(char *), alloc_count);
 	array = pool == unsafe_data_stack_pool ?
 		t_malloc_no0(array_size) :
-		p_malloc(pool, array_size);
+		p_new(pool, char *, alloc_count);
 
 	array[0] = data; count = 1;
 	char *need_unescape = NULL;
@@ -320,12 +320,8 @@ static char **p_strsplit_tabescaped_inplace(pool_t pool, char *data)
 		}
 		if (count+1 >= alloc_count) {
 			new_alloc_count = nearest_power(alloc_count+1);
-			size_t old_size =
-				MALLOC_MULTIPLY(sizeof(char *), alloc_count);
-			size_t new_size =
-				MALLOC_MULTIPLY(sizeof(char *), new_alloc_count);
-			array = p_realloc(pool, array,
-					  old_size, new_size);
+			array = p_realloc_type(pool, array, char *,
+					       alloc_count, new_alloc_count);
 			alloc_count = new_alloc_count;
 		}
 		*data++ = '\0';

diff --git a/src/lib/strfuncs.c b/src/lib/strfuncs.c
@@ -758,12 +758,8 @@ split_str_slow(pool_t pool, const char *data, const char *separators, bool space
 			/* separator found */
 			if (count+1 >= alloc_count) {
 				new_alloc_count = nearest_power(alloc_count+1);
-				size_t old_size =
-					MALLOC_MULTIPLY(sizeof(char *), alloc_count);
-				size_t new_size =
-					MALLOC_MULTIPLY(sizeof(char *), new_alloc_count);
-				array = p_realloc(pool, array,
-						  old_size, new_size);
+				array = p_realloc_type(pool, array, char *,
+						       alloc_count, new_alloc_count);
 				alloc_count = new_alloc_count;
 			}
 
@@ -809,12 +805,8 @@ split_str_fast(pool_t pool, const char *data, char sep)
 		/* separator found */
 		if (count+1 >= alloc_count) {
 			new_alloc_count = nearest_power(alloc_count+1);
-			size_t old_size =
-				MALLOC_MULTIPLY(sizeof(char *), alloc_count);
-			size_t new_size =
-				MALLOC_MULTIPLY(sizeof(char *), new_alloc_count);
-			array = p_realloc(pool, array,
-					  old_size, new_size);
+			array = p_realloc_type(pool, array, char *,
+					       alloc_count, new_alloc_count);
 			alloc_count = new_alloc_count;
 		}
 		*str++ = '\0';