I guess I always thought there'd be some more substantial overflow mitigation.
Would it be too much hand-holding to put in the manpage that to avoid potential freezero() integer overflow, it may be useful to run freezero() as freezero((size_t)nmemb * (size_t)size);

-Luke

On Wed, Feb 17, 2021 at 11:04 AM Theo de Raadt <dera...@openbsd.org> wrote:

> Luke Small <lukensm...@gmail.com> wrote:
>
> > if calloc() and recallocarray() needs nmemb and size, why doesn't
> > freezero()?
> >
> > Should there be a freeczero(size_t nmemb, size_t size) ?
>
> Performing the nmemb*size overflow detection a second time provides
> no benefit.