Luke Small <[email protected]> wrote:
> malloc(3) already speaks to programmers who might use int multiplication
> and tells them to test for int multiplication overflow in malloc(), so you
> presume that they are already prepared to use something smaller than
> size_t, when you could have just said:
> “only use size_t variables for integer types.” and cut out the int
> multiplication overflow test example.
It seems you don't understand C, and don't want to be taught.
> In the manpage you could succinctly state:
>
> In malloc(3):
> “If you use smaller integer types than size_t for ‘nmemb’ and ‘size’, then
> multiplication in freezero() may need to be cast to size_t to avoid integer
> overflow:
> freezero(ptr, (size_t)nmemb * (size_t)size);”
> Or maybe even: freezero(ptr, (size_t)nmemb * size);
That is incorrect.
> Or:
>
> void freeczero( size_t nmemb, size_t size)
> {
>         freezero(nmemb * size);
> }
Not going to happen.
> I suspect that freezero() is already little more than:
>
> void freezero(void *ptr, size_t size)
> {
>         explicit_bzero(ptr, size);
>         free(ptr);
> }
Wrong.
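
The arithmetic under discussion, as an added example that is not part of this thread and not OpenBSD's code: a bare cast to size_t widens the operands but checks nothing, while a division test rejects a product that would wrap and a sign test rejects negative int counts before they are converted. The helper names `checked_size`, `checked_size_int` and `cast_product` are hypothetical, and the inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: store nmemb * size in *out.
 * Returns 0 on success, -1 if the product would wrap past SIZE_MAX. */
int checked_size(size_t nmemb, size_t size, size_t *out)
{
	if (size != 0 && nmemb > SIZE_MAX / size)
		return -1;
	*out = nmemb * size;
	return 0;
}

/* Hypothetical helper for callers holding int counts: a negative value
 * must be rejected before widening, because converting it to size_t
 * yields a huge positive number rather than an error. */
int checked_size_int(int nmemb, int size, size_t *out)
{
	if (nmemb < 0 || size < 0)
		return -1;
	return checked_size((size_t)nmemb, (size_t)size, out);
}

/* The bare-cast form, kept only to show what it computes. */
size_t cast_product(int nmemb, int size)
{
	return (size_t)nmemb * (size_t)size;
}

int main(void)
{
	size_t n = 0;
	int rc;

	/* Constructed inputs. */
	rc = checked_size_int(1000, 1000, &n);
	printf("1000 x 1000 checked: rc=%d n=%zu\n", rc, n);
	printf("-1 x 4 checked: rc=%d\n", checked_size_int(-1, 4, &n));
	printf("-1 x 4 bare cast: %zu\n", cast_product(-1, 4));
	printf("(SIZE_MAX/2+1) x 2 checked: rc=%d\n",
	    checked_size(SIZE_MAX / 2 + 1, 2, &n));
	return 0;
}
```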