This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] Add reallocarray function.
- From: Zack Weinberg <zackw at panix dot com>
- To: Dennis Wölfing <denniswoelfing at gmx dot de>
- Cc: GNU C Library <libc-alpha at sourceware dot org>
- Date: Mon, 10 Apr 2017 11:18:29 -0400
- Subject: Re: [PATCH] Add reallocarray function.
- References: <20170410150053.10208-1-denniswoelfing@gmx.de>
On Mon, Apr 10, 2017 at 11:00 AM, Dennis Wölfing <denniswoelfing@gmx.de> wrote:
> The reallocarray function is an extension from OpenBSD. It is an
> integer-overflow-safe replacement for realloc(p, X*Y) and
> malloc(X*Y) (realloc(NULL, X*Y)). It can therefore help in preventing
> certain security issues in code.
>
> This is an updated version of a patch originally submitted by Rüdiger
> Sonderfeld in May 2014.
> See <https://sourceware.org/ml/libc-alpha/2014-05/msg00481.html>.

I agree in principle with adding this function. I skimmed the patch
and it seems to be mostly the Right Thing. I do have two concerns:

* There do not appear to be any uses of the internal aliases
  __libc_reallocarray and __reallocarray. Have you audited glibc itself
  for places that should use reallocarray? If you haven't, would you be
  willing to do that? This will determine whether we actually need
  those aliases.

* Please add documentation for reallocarray. It belongs in
  manual/memory.texi, in the "Changing Block Size" section. This is the
  place to explain when and why one should use reallocarray instead of
  realloc.

zw
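
The overflow that the quoted patch description refers to, shown as an added example that is not part of this message or of the submitted patch. `checked_reallocarray`, `unchecked_request`, `grow_records` and `struct record` are hypothetical names written for illustration (not glibc's implementation), and the oversized count is constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

struct record { uint64_t id; char name[24]; };  /* 32 bytes per element */

/* What the unchecked pattern realloc(p, nmemb * size) really asks for:
   size_t arithmetic wraps modulo SIZE_MAX + 1 instead of failing. */
size_t unchecked_request(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* Hypothetical stand-in for the reallocarray contract (not glibc's code):
   refuse the request when nmemb * size cannot be represented in size_t. */
void *checked_reallocarray(void *ptr, size_t nmemb, size_t size)
{
    if (size != 0 && nmemb > SIZE_MAX / size) {
        errno = ENOMEM;
        return NULL;            /* ptr is not freed and stays valid */
    }
    return realloc(ptr, nmemb * size);
}

/* Typical caller: grow an array to `count` elements, 0 on success, -1 on failure.
   On failure *arr still points at the old, correctly sized block. */
int grow_records(struct record **arr, size_t count)
{
    struct record *tmp = checked_reallocarray(*arr, count, sizeof **arr);
    if (tmp == NULL)
        return -1;
    *arr = tmp;
    return 0;
}

int main(void)
{
    /* Constructed oversized element count, e.g. taken from an untrusted length field. */
    size_t count = SIZE_MAX / sizeof(struct record) + 2;
    struct record *arr = NULL;

    printf("unchecked realloc would request %zu bytes for %zu records\n",
           unchecked_request(count, sizeof(struct record)), count);
    if (grow_records(&arr, 4) == 0 && grow_records(&arr, count) != 0)
        printf("checked version refused the request, old block kept\n");
    free(arr);
    return 0;
}
```

With the unchecked multiplication the request wraps to 32 bytes, so the allocation succeeds while the caller believes it holds far more elements; the checked version fails cleanly and the existing block remains usable.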