On Sun, May 04, 2014 at 12:17:16PM -0600, Theo de Raadt wrote: > We are going to completely ignore diffs which change multiple idioms > at once.
Okay. > That is how mistakes get made. Yep, more true than I realized. Here's a simpler one: Index: apps.c =================================================================== RCS file: /cvs/src/lib/libssl/src/apps/apps.c,v retrieving revision 1.45 diff -u -p -r1.45 apps.c --- apps.c 3 May 2014 16:03:54 -0000 1.45 +++ apps.c 4 May 2014 19:35:59 -0000 @@ -209,13 +209,10 @@ chopup_args(ARGS * arg, char *buf, int * *argc = 0; *argv = NULL; - i = 0; if (arg->count == 0) { arg->count = 20; - arg->data = (char **)malloc(sizeof(char *) * arg->count); + arg->data = calloc(arg->count, sizeof(char *)); } - for (i = 0; i < arg->count; i++) - arg->data[i] = NULL; num = 0; p = buf; @@ -232,8 +229,7 @@ chopup_args(ARGS * arg, char *buf, int * if (num >= arg->count) { char **tmp_p; int tlen = arg->count + 20; - tmp_p = (char **) realloc(arg->data, - sizeof(char *) * tlen); + tmp_p = reallocarray(arg->data, tlen, sizeof(char *)); if (tmp_p == NULL) return 0; arg->data = tmp_p; @@ -1836,9 +1832,9 @@ parse_name(char *subject, long chtype, i * only become shorter */ char *buf = malloc(buflen); size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */ - char **ne_types = malloc(max_ne * sizeof(char *)); - char **ne_values = malloc(max_ne * sizeof(char *)); - int *mval = malloc(max_ne * sizeof(int)); + char **ne_types = reallocarray(NULL, max_ne, sizeof(char *)); + char **ne_values = reallocarray(NULL, max_ne, sizeof(char *)); + int *mval = reallocarray(NULL, max_ne, sizeof(int)); char *sp = subject, *bp = buf; int i, ne_num = 0; Index: ca.c =================================================================== RCS file: /cvs/src/lib/libssl/src/apps/ca.c,v retrieving revision 1.48 diff -u -p -r1.48 ca.c --- ca.c 2 May 2014 17:06:46 -0000 1.48 +++ ca.c 4 May 2014 19:36:00 -0000 @@ -2002,8 +2002,8 @@ again2: row[DB_type][0] = 'V'; row[DB_type][1] = '\0'; - if ((irow = (char **)malloc(sizeof(char *) * (DB_NUMBER + 1))) == - NULL) { + irow = reallocarray(NULL, DB_NUMBER + 1, sizeof(char *)); + if (irow == NULL) { BIO_printf(bio_err, "Memory allocation failure\n"); goto err; } @@ -2267,8 +2267,8 @@ do_revoke(X509 * x509, CA_DB * db, int t row[DB_type][0] = 'V'; row[DB_type][1] = '\0'; - if ((irow = (char **)malloc(sizeof(char *) * - (DB_NUMBER + 1))) == NULL) { + irow = reallocarray(NULL, DB_NUMBER + 1, sizeof(char *)); + if (irow == NULL) { BIO_printf(bio_err, "Memory allocation failure\n"); goto err; } Index: ecparam.c =================================================================== RCS file: /cvs/src/lib/libssl/src/apps/ecparam.c,v retrieving revision 1.10 diff -u -p -r1.10 ecparam.c --- ecparam.c 24 Apr 2014 12:22:22 -0000 1.10 +++ ecparam.c 4 May 2014 19:36:00 -0000 @@ -312,7 +312,7 @@ bad: crv_len = EC_get_builtin_curves(NULL, 0); - curves = malloc((int) (sizeof(EC_builtin_curve) * crv_len)); + curves = reallocarray(NULL, crv_len, sizeof(EC_builtin_curve)); if (curves == NULL) goto end; Index: speed.c =================================================================== RCS file: /cvs/src/lib/libssl/src/apps/speed.c,v retrieving revision 1.38 diff -u -p -r1.38 speed.c --- speed.c 2 May 2014 17:06:46 -0000 1.38 +++ speed.c 4 May 2014 19:36:00 -0000 @@ -2178,7 +2178,7 @@ do_multi(int multi) int *fds; static char sep[] = ":"; - fds = malloc(multi * sizeof *fds); + fds = reallocarray(NULL, multi, sizeof(int)); for (n = 0; n < multi; ++n) { if (pipe(fd) == -1) { fprintf(stderr, "pipe failure\n"); Index: srp.c =================================================================== RCS file: /cvs/src/lib/libssl/src/apps/srp.c,v retrieving revision 1.10 diff -u -p -r1.10 srp.c --- srp.c 24 Apr 2014 12:22:22 -0000 1.10 +++ srp.c 4 May 2014 19:36:00 -0000 @@ -176,7 +176,8 @@ update_index(CA_DB * db, BIO * bio, char char **irow; int i; - if ((irow = (char **) malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) { + irow = reallocarray(NULL, DB_NUMBER + 1, sizeof(char *)); + if (irow == NULL) BIO_printf(bio_err, "Memory allocation failure\n"); return 0; }