On 06.05.2014 1:52, David Chisnall wrote: > This is not relying on undocumented intrinsic knowledge, this is relying on > the standard library doing what is required of it. There is a reason why > secure coding standards have, for over a decade, said to prefer calloc() over > malloc() unless profiling shows that calloc() is a bottleneck: it means that > only one person needs to get the overflow checking right in one place, rather > than everyone getting it right everywhere.
It was unclear what type of ckecking you mean initially and confirm my statement that such code is hard to understand. Even if it is for arithmetic overflow, it is still semantically incorrect, see my other answer. Main purpose of calloc is to zero memory, not to check its argument, so its argument checking is side effect. It should be implemented by the caller (as I already answer) and not by the price of zeroing. -- http://ache.vniz.net/ _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
