We need to decide whether lex is upstream code or our own fork. If it is not our own fork, then stay away from this. It is pointless to put an ever-increasing delta into code which does not run in risk environments.
> The second reallocarray is unnecessary, but it'll prevent the next forty
> auditors from being distracted by malloc(x * sizeof(y)). I'm happy to
> leave malloc if people prefer that.
>
> ok?
>
>
> Index: scanflags.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/lex/scanflags.c,v
> retrieving revision 1.3
> diff -u -p -r1.3 scanflags.c
> --- scanflags.c 19 Nov 2015 23:20:34 -0000 1.3
> +++ scanflags.c 26 Nov 2015 18:16:16 -0000
> @@ -42,7 +42,8 @@ void
> sf_push (void)
> {
> if (_sf_top_ix + 1 >= _sf_max)
> - _sf_stk = (scanflags_t*) realloc ( (void*) _sf_stk,
> sizeof(scanflags_t) * (_sf_max += 32));
> + _sf_max += 32;
> + _sf_stk = reallocarray(_sf_stk, _sf_max, sizeof(scanflags_t));
>
> // copy the top element
> _sf_stk[_sf_top_ix + 1] = _sf_stk[_sf_top_ix];
> @@ -61,7 +62,8 @@ void
> sf_init (void)
> {
> assert(_sf_stk == NULL);
> - _sf_stk = (scanflags_t*) malloc ( sizeof(scanflags_t) * (_sf_max = 32));
> + _sf_max = 32;
> + _sf_stk = reallocarray(NULL, _sf_max, sizeof(scanflags_t));
> if (!_sf_stk)
> lerrsf_fatal(_("Unable to allocate %ld of stack"),
> (void *)sizeof(scanflags_t));
>
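Review bot: The result of `reallocarray` in sf_push is stored straight into `_sf_stk` and never checked, so a failed growth leaves `_sf_stk` NULL for the copy `_sf_stk[_sf_top_ix + 1] = _sf_stk[_sf_top_ix]` directly below, drops the only pointer to the old stack, and leaves `_sf_max` already raised by 32. As quoted, the `if` also has no braces, so only `_sf_max += 32;` is conditional and the reallocarray call would run on every push; the indentation is lost in this quote, so that is worth confirming against the real patch. I would brace the two statements, grow through a temporary, and commit `_sf_stk` and `_sf_max` only once the allocation has succeeded, failing the way sf_init does (this assumes lerrsf_fatal does not return). sf_push continues past the end of the hunk.

```c
	if (_sf_top_ix + 1 >= _sf_max) {
		scanflags_t *grown;

		grown = reallocarray(_sf_stk, _sf_max + 32, sizeof(scanflags_t));
		if (grown == NULL)
			lerrsf_fatal(_("Unable to allocate %ld of stack"),
			    (void *)sizeof(scanflags_t));	/* same call sf_init makes */
		_sf_stk = grown;
		_sf_max += 32;
	}
	/* … unchanged: copy the top element … */
```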
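Review bot: The failure branch kept under the new `reallocarray(NULL, _sf_max, sizeof(scanflags_t))` call in sf_init pairs a `%ld` conversion with an argument cast to `(void *)`, and the value it reports is the size of one element rather than the 32-element request that actually failed. The prototype of lerrsf_fatal is not visible in this hunk, so the right correction depends on what it forwards to its formatter; until that is checked I would at least add a comment such as `/* NOTE: %ld is paired with a (void *) argument; confirm against lerrsf_fatal's prototype */` above the call. The body of sf_init appears to continue beyond the hunk, since no closing brace is shown.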