Source-Changes-D archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CVS commit: src/lib/libutil



On Mon, Dec 31, 2012 at 02:59:13AM +0100, Joerg Sonnenberger wrote:
> On Sun, Dec 30, 2012 at 05:36:00PM +0000, David A. Holland wrote:
> > Module Name:        src
> > Committed By:       dholland
> > Date:               Sun Dec 30 17:36:00 UTC 2012
> > 
> > Modified Files:
> >     src/lib/libutil: efun.c
> > 
> > Log Message:
> > If malloc, calloc, or realloc returns NULL when a size of 0 was
> > requested, which is allowed by pertinent standards, honor it instead
> > of bombing.
> > 
> > Do not do this for calloc(x, y) where x != 0 && y != 0 but x*y == 0;
> > in that case bomb.
> 
> The commit message is misleading. We expect calloc(x,y) to return NULL
> if x!=0 && y!=0 && x*y==0.

I've never quite understood why calloc() was ever defined with 2
parameters.
The only time it can be different (and valid) from a naiive multiply
is when the multiply is done as 'int' on a system where size_t > int.

I'd have thought calloc() should be required to check that the
multiply doesn't overflow - but that ought (probably) require a different
errno than ENOMEM.

Certainly checking for multiply overflow would seem better than
checking for the product being zero.
Unfortunately that check tends to need a divide - although some
simple range checks will avoid that in most cases.

        David

-- 
David Laight: david%l8s.co.uk@localhost


Home | Main Index | Thread Index | Old Index