Ouch, good catch! Thanks.
I've long thought that the safe-alloc module was a mistake, and now I'm
surer about it. Let's obsolete it. I installed the attached patch for now.
From e94aad0ca4ab6b54473444c4d6a77460ee2ad3ef Mon Sep 17 00:00:00 2001
From: Paul Eggert <egg...@cs.ucla.edu>
Date: Sun, 13 Jul 2025 00:43:36 -0700
Subject: [PATCH] safe-alloc: make obsolete and remove REALLOC_N

Problem reported by Vivien Kraus in:
https://lists.gnu.org/r/bug-gnulib/2025-07/msg00073.html
This module never caught on.
* lib/safe-alloc.h (REALLOC_N): Remove.
* modules/safe-alloc: Now obsolete.
* tests/test-safe-alloc.c (main): Remove REALLOC_N test.
---
ChangeLog | 10 ++++++++++
NEWS | 3 +++
doc/safe-alloc.texi | 16 ++++------------
lib/safe-alloc.h | 14 --------------
modules/safe-alloc | 6 ++++++
tests/test-safe-alloc.c | 5 -----
6 files changed, 23 insertions(+), 31 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 20229b3fd5..73b9cfd7a5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2025-07-13 Paul Eggert <egg...@cs.ucla.edu>
+
+ safe-alloc: make obsolete and remove REALLOC_N
+ Problem reported by Vivien Kraus in:
+ https://lists.gnu.org/r/bug-gnulib/2025-07/msg00073.html
+ This module never caught on.
+ * lib/safe-alloc.h (REALLOC_N): Remove.
+ * modules/safe-alloc: Now obsolete.
+ * tests/test-safe-alloc.c (main): Remove REALLOC_N test.
+
2025-07-12 Bruno Haible <br...@clisp.org>
next-prime: Revert to original behaviour in GNU gettext.
diff --git a/NEWS b/NEWS
index 5499535f2a..08981f26e9 100644
--- a/NEWS
+++ b/NEWS
@@ -74,6 +74,9 @@ User visible incompatible changes
Date Modules Changes
+2025-07-13 safe-alloc This module is now obsolete. Also, it no longer
+ defines the REALLOC_N macro.
+
2025-05-09 string-desc These modules now distinguish between read-only
xstring-desc string descriptors (type string_desc_t) and
writable string descriptors (type rw_string_desc_t).
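Review bot: the new NEWS entry for safe-alloc says the REALLOC_N macro is gone but gives callers no migration path. Since it sits under "User visible incompatible changes", add a short hint on what to do instead, for example calling reallocarray directly and assigning to the original pointer only after checking the result for NULL.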
diff --git a/doc/safe-alloc.texi b/doc/safe-alloc.texi
index 238209c920..d4cd63ed26 100644
--- a/doc/safe-alloc.texi
+++ b/doc/safe-alloc.texi
@@ -7,6 +7,10 @@ number of common coding errors. The @code{safe-alloc} module provides
macros that make it easier to avoid many of them. It still uses the
standard C allocation functions behind the scenes.
+This module is obsolete, as it does not seem to have caught on in
+practice and some of its features could not be ported to unusual
+platforms.
+
Some of the memory allocation mistakes that are commonly made are
@itemize @bullet
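Review bot: the added paragraph in doc/safe-alloc.texi says "some of its features could not be ported to unusual platforms" without naming the feature or the platform, so readers cannot judge whether their existing uses are affected. Name the feature, or cite the bug report URL from the commit message, and say what new code should use instead of this module.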
@@ -71,18 +75,6 @@ bytes long, and store the address of allocated memory in
Returns @minus{}1 on failure, 0 on success.
@end defmac
-@defmac {int} REALLOC_N (ptr, count)
-@findex REALLOC_N
-Reallocate the memory pointed to by @code{ptr} to be big enough to hold
-at least @code{count} elements, each @code{sizeof *ptr} bytes long,
-and store the address of allocated memory in @code{ptr}. If
-reallocation fails, the @code{ptr} variable is not modified.
-If the new array is smaller than the old one, discard excess contents;
-if larger, the newly added storage is not initialized.
-
-Returns @minus{}1 on failure, 0 on success.
-@end defmac
-
@defmac {void} FREE (ptr)
@findex FREE
Free the memory stored in @code{ptr} and set @code{ptr} to
diff --git a/lib/safe-alloc.h b/lib/safe-alloc.h
index 08daaa86ee..4341b43edf 100644
--- a/lib/safe-alloc.h
+++ b/lib/safe-alloc.h
@@ -86,20 +86,6 @@ safe_alloc_check (void *ptr)
#define ALLOC_N_UNINITIALIZED(ptr, count) \
safe_alloc_check ((ptr) = reallocarray (NULL, count, sizeof *(ptr)))
-/**
- * REALLOC_N:
- * @ptr: pointer to allocated memory
- * @count: number of elements to allocate
- *
- * Re-allocate an array of 'count' elements, each sizeof *ptr
- * bytes long and store the address of allocated memory in
- * 'ptr'. Fill the newly allocated memory with zeros.
- *
- * Return -1 on failure to reallocate, zero on success.
- */
-#define REALLOC_N(ptr, count) \
- safe_alloc_check ((ptr) = reallocarray (ptr, count, sizeof *(ptr)))
-
/**
* FREE:
* @ptr: pointer holding address to be freed
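Review bot: neither the commit message nor this removal in lib/safe-alloc.h records why REALLOC_N was unsound, although the deleted lines show it. The macro stored the result straight into its argument, "(ptr) = reallocarray (ptr, count, sizeof *(ptr))", so a failed call sets ptr to NULL and drops the only reference to the still-allocated old block, while the texinfo text deleted in the same patch promised that ptr is not modified on failure; the deleted comment also claims zero-filling that reallocarray does not perform. One sentence in the ChangeLog entry stating the defect would keep the history readable without following the mailing-list link.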
diff --git a/modules/safe-alloc b/modules/safe-alloc
index 370b30f625..72e079b8bb 100644
--- a/modules/safe-alloc
+++ b/modules/safe-alloc
@@ -1,6 +1,12 @@
Description:
A set of macros to make calls to alloc/calloc/realloc safer.
+Status:
+obsolete
+
+Notice:
+This module is obsolete.
+
Files:
lib/safe-alloc.h
lib/safe-alloc.c
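Review bot: the unchanged Description line in modules/safe-alloc still reads "A set of macros to make calls to alloc/calloc/realloc safer" although this patch removes REALLOC_N; update it if no realloc wrapper remains in the module. The new Notice text could also name what to use instead, rather than only "This module is obsolete."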
diff --git a/tests/test-safe-alloc.c b/tests/test-safe-alloc.c
index 32cb4714fd..332d378a92 100644
--- a/tests/test-safe-alloc.c
+++ b/tests/test-safe-alloc.c
@@ -42,11 +42,6 @@ main ()
ASSERT (p->a == 0 && p->b == 0);
- p->a = p->b = 42;
- r = REALLOC_N (p, 5);
-
- ASSERT (p[0].a == 42 && p[0].b == 42);
-
FREE (p);
ASSERT (p == NULL);
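Review bot: with "r = REALLOC_N (p, 5);" removed from main in tests/test-safe-alloc.c, check that r is still assigned and read elsewhere in the test; if this was its last use, drop the declaration too so the test does not pick up an unused-variable warning. Note also that the deleted test never asserted on r, so the failure path of REALLOC_N was not covered.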
--
2.48.1