On Tue, Jul 22, 2014 at 21:21, Doug Hogan wrote:
> On Tue, Jul 22, 2014 at 02:51:17AM -0400, Jean-Philippe Ouellet wrote:
>> That is misleading in the M_CANFAIL case.
>>
>> I'm not terribly good at wording things, but I suggest something
>> more like this instead:
>
> Hmm I think it's only misleading in the M_CANFAIL case. I think this
> diff makes it a little more complex than it needs to be. What do you
> think about leaving the malloc option section as-is and instead
> explain how mallocarray() operates before it calls malloc()?
>
> Something along these lines: "mallocarray(9) is a wrapper around
> malloc(9) that checks for overflow. If arithmetic overflow is detected,
> it returns NULL when M_CANFAIL is enabled or else calls panic().
> Otherwise, it has the same behavior as malloc."
>
> Does that work?

This is a kernel interface. I think some expectation of "read the source" is not unwarranted. The man page should tell you what it does and why you want it, but I'm not convinced all internal behaviors need be documented. That's my view, anyway.
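
A userland model of the behaviour described in the wording quoted above, added here as an illustration; it is not OpenBSD's kernel source and not code from either poster. `MODEL_CANFAIL`, `model_mallocarray` and the outcome codes are hypothetical names, and a panic is reported as a return code instead of halting.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical flag and outcome codes, defined for this userland model only. */
#define MODEL_CANFAIL 0x1

enum outcome { ALLOCATED, RETURNED_NULL, WOULD_PANIC };

/* If both operands are below 2^(bits/2) the product cannot overflow,
 * so the division is only performed when one operand is large. */
#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))

static int
mul_overflows(size_t nmemb, size_t size)
{
	return (nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
	    nmemb > 0 && SIZE_MAX / nmemb < size;
}

/*
 * On arithmetic overflow: return NULL if the caller passed the can-fail
 * flag, otherwise panic (modelled as WOULD_PANIC). With no overflow,
 * fall through to the underlying allocator. The model does not reproduce
 * malloc(9)'s own flag handling.
 */
static enum outcome
model_mallocarray(size_t nmemb, size_t size, int flags, void **out)
{
	*out = NULL;
	if (mul_overflows(nmemb, size))
		return (flags & MODEL_CANFAIL) ? RETURNED_NULL : WOULD_PANIC;
	*out = malloc(nmemb * size);
	return *out != NULL ? ALLOCATED : RETURNED_NULL;
}

/* Unchecked multiplication, for contrast: the requested size silently wraps. */
static size_t
unchecked_size(size_t nmemb, size_t size)
{
	return nmemb * size;
}
```
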