Re: [RFC][PATCH] Add reallocarray function.

[Florian Weimer <fweimer at redhat dot com>]

On 09/01/2014 07:24 PM, Rich Felker wrote:

> > I'm not sure if this is still on the table, but experience shows
> > that the realloc interface is error-prone for another reason: The
> > straight way to write an a reallocation,
> >
> >    ptr = realloc(ptr, new_size);
> >
> > leads to a memory leak on error.  It would be less error-prone to
> > have reallocarray to update the pointer directly on success, e.g.:
> >
> >    if (reallocarray(&ptr, new_count, sizeof(T)) < 0) {
> >      // handle error
> >    }
>
> No, allocation functions which take void** are an extremely bad idiom
> because they encourage UB.

That's why I wrote that reallocarray has to be a macro.

On the other hand, I'm not particularly worried about the aliasing 
violation because according to one reading of the standard, realloc 
returns a pointer to untyped (but partially initialized) memory, which 
needs out-of-language support anyway.

> Also, reallocarray is already defined by OpenBSD and perhaps others
> with a particular signature.

We'd have to give the fixed version a separate name, to avoid another 
strerror_r-like fiasco.

--
Florian Weimer / Red Hat Product Security