svn commit: r265367 - head/lib/libc/regex

Andrey Chernov ache at
Mon May 5 22:00:32 UTC 2014

On 06.05.2014 1:52, David Chisnall wrote:
> This is not relying on undocumented intrinsic knowledge, this is relying on the standard library doing what is required of it.  There is a reason why secure coding standards have, for over a decade, said to prefer calloc() over malloc() unless profiling shows that calloc() is a bottleneck: it means that only one person needs to get the overflow checking right in one place, rather than everyone getting it right everywhere.  

It was unclear what type of ckecking you mean initially and confirm my
statement that such code is hard to understand. Even if it is for
arithmetic overflow, it is still semantically incorrect, see my other
answer. Main purpose of calloc is to zero memory, not to check its
argument, so its argument checking is side effect. It should be
implemented by the caller (as I already answer) and not by the price of


More information about the svn-src-head mailing list