This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH v4] Add reallocarray function.
- From: Dennis Wölfing <denniswoelfing at gmx dot de>
- To: DJ Delorie <dj at redhat dot com>
- Cc: libc-alpha at sourceware dot org, fweimer at redhat dot com
- Date: Thu, 11 May 2017 20:36:26 +0200
- Subject: Re: [PATCH v4] Add reallocarray function.
- Authentication-results: sourceware.org; auth=none
- References: <xnefvvmhfb.fsf@greed.delorie.com>
On 11.05.2017 19:28, DJ Delorie wrote:> Dennis Wlfing
<denniswoelfing@gmx.de> writes:
>>>> diff --git a/malloc/reallocarray.c b/malloc/reallocarray.c
>>>> +void *
>>>> +__libc_reallocarray (void *optr, size_t nmemb, size_t elem_size)
>>
>> The header include/stdlib.h (not to be confused with stdlib/stdlib.h) is
>> an internal glibc header. It declares the function prefixed with __libc_
>> so that other glibc functions can call it without causing namespace
>> problems. In the public headers only reallocarray is declared which is a
>> weak alias for __libc_reallocarray.
>
> I was mostly concerned with the __THROW differences. I've seen those
> cause problems in the past.
Okay, I will add the __THROW.
>> The check_mul_overflow_size_t function was put in the new
>> malloc-private.h header because malloc-internal.h is also used in other
>> parts of glibc.
>
> I have no problems with other parts of glibc seeing it, as long as it
> has a suitable name. I'm just trying to avoid having too many headers
> without a good reason for them.
So putting check_mul_overflow_size_t() into malloc-internal.h is
preferred over malloc-private.h?
>>>> + /* Overflow should leave buffer untouched. */
>>>
>>> This requirement isn't documented anywhere...
>>
>> The reallocarray documentation says that reallocarray is equivalent to
>> realloc(ptr, nmemb*size) and the realloc documentation says it does not
>> modify the memory block on failure.
>
> True, but overflow is a new condition that realloc doesn't have, that's
> all, and since overflow checking is the *reason* for reallocarray, it
> makes sense to clarify how it works.
>