OpenBSD added calloc overflow checking on July 29th, 2002.
glibc added calloc overflow checking on August 1, 2002. Probably not a coincidence. I'm going to say nobody checked for overflow prior to the August 2002 security advisory.
It is embarrassing for glibc not to check for overflow in calloc implementation prior to 2002. It is not only a security flaw but also violation of C Standards (even the first version ratified in 1989, usually referred to as C89).
The standard reads as follows:
void *calloc(size_t nmemb, size_t size);
The calloc function allocates space for an array of nmemb objects, each of whose size is size.[...]
and,
The calloc function returns either a null pointer or a pointer to the allocated space.
So if it cannot allocate space for an array of nmemb objects, each of whose size is size, then it has to return null pointer.
https://github.com/openbsd/src/commit/c7b2af4b3f7e78424f8943...
https://github.com/bminor/glibc/commit/0950889b810736fe7ad34...
http://cert.uni-stuttgart.de/ticker/advisories/calloc.html