On Tue, Jul 22, 2014 at 02:51:17AM -0400, Jean-Philippe Ouellet wrote: > That is misleading in the M_CANFAIL case. > > I'm not terribly good at wording things, but I suggest something > more like this instead:
Hmm I think it's only misleading in the M_CANFAIL case. I think this diff makes it a little more complex than it needs to be. What do you think about leaving the malloc option section as-is and instead explain how mallocarray() operates before it calls malloc()? Something along these lines: "mallocarray(9) is a wrapper around malloc(9) that checks for overflow. If arithmetic overflow is detected, it returns NULL when M_CANFAIL is enabled or else calls panic(). Otherwise, it has the same behavior as malloc." Does that work?
