On Sun, May 04, 2014 at 12:29:59AM -0700, Philip Guenther wrote:
> On Sun, May 4, 2014 at 12:21 AM, patrick keshishian
> <sids...@boxsoft.com>wrote:
>
> > On Sun, May 04, 2014 at 02:38:40AM -0400, Jean-Philippe Ouellet wrote:
> >
> ...
>
> > > - if ((irow = (char **)malloc(sizeof(char *) *
> > > - (DB_NUMBER + 1))) == NULL) {
> > > + irow = reallocarray(NULL, DB_NUMBER + 1, sizeof(char *));
> >
> > why not use calloc(2)?
> >
>
> Please justify your belief that the existing code is wrong by lack of
> memset/bzero. Please do so for *ALL* the places where you suggested using
> calloc() where Jean-Philippe Ouellet's patch suggest reallocarray().
How did you deduce my "belief" to be such?
The code was changing malloc(n * size) to reallocarray().
Typical "correction" for this usage has been to convert to
calloc(2), "in order to avoid possible integer overflows".
Seeing that "reallocarray() appeared in OpenBSD 5.6", I am
sure it is an equally fine interface.
Any concern over the first strlen() change I pointed out?
--patrick
> Either:
> a) the existing code's lack of memset/bzero is a bug (details?), OR
> b) using calloc() instead of reallocarray() is *wrong*.
>
>
> Philip Guenther
