We need to make a decision if lex is upstream code or our own fork.
If it is not our own fork -- then stay away from this. It is
pointless putting increasing delta into code which does not run in
risk environments.
> The second reallocarray is unnecessary, but it'll prevent the next forty
> auditors from being distracted by malloc(x * sizeof(y)). I'm happy to
> leave malloc if people prefer that.
>
> ok?
>
>
> Index: scanflags.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/lex/scanflags.c,v
> retrieving revision 1.3
> diff -u -p -r1.3 scanflags.c
> --- scanflags.c 19 Nov 2015 23:20:34 -0000 1.3
> +++ scanflags.c 26 Nov 2015 18:16:16 -0000
> @@ -42,7 +42,8 @@ void
> sf_push (void)
> {
> if (_sf_top_ix + 1 >= _sf_max)
> - _sf_stk = (scanflags_t*) realloc ( (void*) _sf_stk,
> sizeof(scanflags_t) * (_sf_max += 32));
> + _sf_max += 32;
> + _sf_stk = reallocarray(_sf_stk, _sf_max, sizeof(scanflags_t));
>
> // copy the top element
> _sf_stk[_sf_top_ix + 1] = _sf_stk[_sf_top_ix];
> @@ -61,7 +62,8 @@ void
> sf_init (void)
> {
> assert(_sf_stk == NULL);
> - _sf_stk = (scanflags_t*) malloc ( sizeof(scanflags_t) * (_sf_max = 32));
> + _sf_max = 32;
> + _sf_stk = reallocarray(NULL, _sf_max, sizeof(scanflags_t));
> if (!_sf_stk)
> lerrsf_fatal(_("Unable to allocate %ld of stack"),
> (void *)sizeof(scanflags_t));
>
