Theo de Raadt wrote:
> We need to make a decision if lex is upstream code or our own fork.
>
> If it is not our own fork -- then stay away from this. It is
> pointless putting increasing delta into code which does not run in
> risk environments.
I thought we had already made that decision based on tedu's recent
commits. Not sure though.
> > The second reallocarray is unnecessary, but it'll prevent the next forty
> > auditors from being distracted by malloc(x * sizeof(y)). I'm happy to
> > leave malloc if people prefer that.
> >
> > ok?
> >
> >
> > Index: scanflags.c
> > ===================================================================
> > RCS file: /cvs/src/usr.bin/lex/scanflags.c,v
> > retrieving revision 1.3
> > diff -u -p -r1.3 scanflags.c
> > --- scanflags.c 19 Nov 2015 23:20:34 -0000 1.3
> > +++ scanflags.c 26 Nov 2015 18:16:16 -0000
> > @@ -42,7 +42,8 @@ void
> > sf_push (void)
> > {
> > if (_sf_top_ix + 1 >= _sf_max)
> > - _sf_stk = (scanflags_t*) realloc ( (void*) _sf_stk,
> > sizeof(scanflags_t) * (_sf_max += 32));
> > + _sf_max += 32;
> > + _sf_stk = reallocarray(_sf_stk, _sf_max, sizeof(scanflags_t));
> >
> > // copy the top element
> > _sf_stk[_sf_top_ix + 1] = _sf_stk[_sf_top_ix];
> > @@ -61,7 +62,8 @@ void
> > sf_init (void)
> > {
> > assert(_sf_stk == NULL);
> > - _sf_stk = (scanflags_t*) malloc ( sizeof(scanflags_t) * (_sf_max =
> > 32));
> > + _sf_max = 32;
> > + _sf_stk = reallocarray(NULL, _sf_max, sizeof(scanflags_t));
> > if (!_sf_stk)
> > lerrsf_fatal(_("Unable to allocate %ld of stack"),
> > (void *)sizeof(scanflags_t));
> >
>
