File CVE-2023-4016-part2.patch of Package procps.37641
of uninit. ptr
free(node->u) when reached before node->u=xcalloc().
2c933ecb handles the multiplication issue, but there is still the possibility
of int overflow when incrementing "items".
---
include/xalloc.h | 2 +-
ps/parser.c | 4 +++-
2 files changed, 4 insertions(+), 2 deletions(-)
--- include/xalloc.h
+++ include/xalloc.h
@@ -42,7 +42,7 @@ void *xcalloc(const size_t nelems, const
{
void *ret = calloc(nelems, size);
if (!ret && size && nelems)
- xerrx(XALLOC_EXIT_CODE, "cannot allocate %zu bytes", size);
+ xerrx(XALLOC_EXIT_CODE, "cannot allocate %zu bytes", nelems*size);
return ret;
}
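Review bot: The new message computes `nelems*size` in `size_t` with no overflow check, and a product that does not fit is one of the cases in which calloc() returns NULL. On that path the reported byte count wraps to a small, misleading number, which hides the oversized request that caused the failure. Printing the operands separately avoids the arithmetic: `xerrx(XALLOC_EXIT_CODE, "cannot allocate %zu * %zu bytes", nelems, size);`. The xcalloc signature begins above the hunk.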
--- ps/parser.c
+++ ps/parser.c
@@ -23,6 +23,7 @@
#include <grp.h>
#include <pwd.h>
+#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -185,6 +186,7 @@ static const char *parse_list(const char
/*** prepare to operate ***/
node = xmalloc(sizeof(selection_node));
node->n = 0;
+ node->u = NULL;
buf = strdup(arg);
/*** sanity check and count items ***/
need_item = 1; /* true */
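Review bot: Setting only `node->u = NULL` leaves any other field of the freshly `xmalloc`'d `selection_node` that is not assigned here indeterminate, so the same free-of-garbage bug can recur on another early-exit path. The struct definition is not visible in this hunk, so that is worth checking. Zero-allocating the node covers every field at once: `node = xcalloc(1, sizeof(selection_node));`. Separately, the `strdup(arg)` result on the following context line is not checked in the visible lines; if `buf` is walked unconditionally further down, an allocation failure becomes a NULL dereference. parse_list begins above the hunk and continues below it.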
@@ -198,7 +200,7 @@ static const char *parse_list(const char
need_item=1;
break;
default:
- if(need_item) items++;
+ if(need_item && items<INT_MAX) items++;
need_item=0;
}
} while (*++walk);
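Review bot: The `items<INT_MAX` guard in the `default:` case stops the signed overflow by saturating silently, so once the cap is hit `items` no longer equals the number of entries in the list. The code that sizes and fills `node->u` from `items` is outside this hunk. It should be confirmed that the fill loop is bounded by `items` rather than by the remaining string, otherwise the allocation and the parse can disagree. Rejecting the argument as a parse error when the cap is reached would rule that mismatch out. A short comment such as `/* saturate: items is (presumably) an int and arg length is caller-controlled */` would record why the check exists.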