Subject: Re: CVS commit: basesrc/lib/libc/stdlib
To: Jaromir Dolecek <jdolecek@netbsd.org>
From: Allen Briggs <briggs@wasabisystems.com>
List: tech-userlevel
Date: 07/30/2002 11:50:35
On Tue, Jul 30, 2002 at 03:09:36PM +0200, Jaromir Dolecek wrote:
> > 	then what should happen if
> > 		x = calloc(0x10000000, 17);
> > 	on a 32-bit arch?  it sure will cause integer overflow.
> > 	the commit will make it return NULL (allocation failure).
> 
> It's not libc's business to care about this IMHO.

Just to make sure we're on the same page...
man calloc(3) says:

	void *calloc(size_t number, size_t size);
	[...]
	The calloc() function allocates space for number objects,
	each size bytes in length.
	[...]
	The malloc() and calloc() functions return a pointer to the
	allocated memory if successful; otherwise a NULL pointer is
	returned.

It is libc's responsibility to match the documentation.  It is perfectly
reasonable for it to fail if it can not allocate 'number' objects of
size 'size'.

It is a bug if it returns anything other than NULL or "number * size"
bytes.  Just as it would be a bug if malloc(0x10000) returned only
0x100 bytes of space.

> Checks like these should be within #ifdef _DIAGNOSTIC.

Some checks kind of like this one, certainly.
I think this one should not be in _DIAGNOSTIC.

-allen

-- 
 Allen Briggs                     briggs@wasabisystems.com
 http://www.wasabisystems.com/    Quality NetBSD CDs, Sales, Support, Service
NetBSD development for Alpha, ARM, M68K, MIPS, PowerPC, SuperH, XScale, etc...
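The integer-overflow case the thread argues about, as an added example (not the NetBSD libc code and not the commit under discussion): `calloc_args_overflow`, `calloc_args_overflow32`, `checked_calloc` and `wrapped_request32` are hypothetical names chosen here. The check uses the division form `size > SIZE_MAX / number`, so it needs no wider integer type, and a 32-bit variant lets the thread's `calloc(0x10000000, 17)` example be reproduced on any host, showing both that the product wraps and what a wrapping implementation would silently hand back.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 if number * size would exceed size_max (i.e. wrap around in a
 * size_t of that width), 0 otherwise.  Division form: no wider type needed. */
static int mul_overflows_width(uint64_t number, uint64_t size, uint64_t size_max)
{
    if (number == 0 || size == 0)
        return 0;
    return size > size_max / number;
}

/* Overflow check against the host's own size_t. */
int calloc_args_overflow(size_t number, size_t size)
{
    return mul_overflows_width(number, size, SIZE_MAX);
}

/* Same check for a 32-bit size_t, so the thread's example can be tried on
 * a 64-bit host too. */
int calloc_args_overflow32(uint32_t number, uint32_t size)
{
    return mul_overflows_width(number, size, UINT32_MAX);
}

/* The number of bytes a 32-bit calloc without the check would actually
 * request: the product truncated to 32 bits (constructed illustration). */
uint32_t wrapped_request32(uint32_t number, uint32_t size)
{
    return (uint32_t)(number * size);
}

/* Hypothetical calloc wrapper: refuses with ENOMEM instead of returning a
 * block smaller than the caller asked for.  Matches the documented contract
 * quoted in the thread: either NULL or number * size bytes. */
void *checked_calloc(size_t number, size_t size)
{
    if (calloc_args_overflow(number, size)) {
        errno = ENOMEM;
        return NULL;
    }
    size_t total = number * size;   /* known not to wrap at this point */
    void *p = malloc(total);
    if (p != NULL)
        memset(p, 0, total);
    return p;
}

/* Allocates, verifies the block is zeroed, frees it.  Returns 1 on success,
 * 0 if allocation failed or any byte was non-zero. */
int checked_calloc_roundtrip(size_t number, size_t size)
{
    unsigned char *p = checked_calloc(number, size);
    if (p == NULL)
        return 0;
    int ok = 1;
    for (size_t i = 0; i < number * size; i++)
        if (p[i] != 0)
            ok = 0;
    free(p);
    return ok;
}

int main(void)
{
    /* The thread's example on a 32-bit size_t. */
    printf("32-bit calloc(0x10000000, 17) overflows: %d\n",
           calloc_args_overflow32(0x10000000u, 17u));
    printf("bytes a wrapping implementation would allocate: 0x%x\n",
           wrapped_request32(0x10000000u, 17u));
    /* The same request through the checked wrapper on this host. */
    void *p = checked_calloc(SIZE_MAX, 2);
    printf("checked_calloc(SIZE_MAX, 2) -> %p, errno=%d\n", p, errno);
    free(p);
    return 0;
}
```

On a 32-bit size_t, 0x10000000 * 17 is 0x110000000, which truncates to 0x10000000: the caller asked for 17 blocks of 256 MiB and would receive a single one, with the remaining 16 lying outside the allocation. The division test catches that case before any allocation happens.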