From: David Chisnall <theraven@FreeBSD.org>
To: Andrey Chernov
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, "Pedro F. Giffuni", src-committers@freebsd.org
Date: Mon, 5 May 2014 22:52:21 +0100
Subject: Re: svn commit: r265367 - head/lib/libc/regex
In-Reply-To: <53680532.7050605@freebsd.org>
References: <201405051641.s45GfFje086423@svn.freebsd.org> <5367CD77.40909@freebsd.org> <53680532.7050605@freebsd.org>

On 5 May 2014, at 22:40, Andrey Chernov wrote:

> On 05.05.2014 22:28, David Chisnall wrote:
>> On 5 May 2014, at 18:42, Andrey Chernov wrote:
>>
>>> Please don't commit OpenBSD errors. Now you mix calloc() with
>>> realloc() for the same variable later, which makes calloc()'s zeroing
>>> pointless and a waste of CPU.
>>
>> The purpose of calloc() here is not (primarily) to get the zeroed size, it's to get the overflow-checking behaviour of calloc.
>
> It is better to avoid using undocumented intrinsic knowledge of a standard function's particular implementation; this is unportable at least and hard to understand too.

calloc() is required to return either NULL or a valid pointer to the requested amount of memory. An implementation that does not correctly check for overflow is buggy and will be regarded as a security hole (see: http://cert.uni-stuttgart.de/ticker/advisories/calloc.html), but fortunately these were all fixed by around 2004.

This is not relying on undocumented intrinsic knowledge, this is relying on the standard library doing what is required of it. There is a reason why secure coding standards have, for over a decade, said to prefer calloc() over malloc() unless profiling shows that calloc() is a bottleneck: it means that only one person needs to get the overflow checking right in one place, rather than everyone getting it right everywhere.

David
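As an added illustration of the point argued in the thread (not code from r265367 or from either author), the overflow check a conforming calloc() must make, next to the silently wrapping multiplication that a hand-rolled malloc(n * size) performs; checked_alloc_array, mul_overflows and naive_bytes are hypothetical helper names.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Naive byte count: nmemb * size wraps silently in size_t, so a huge
 * element count can turn into a tiny (even zero-byte) allocation that
 * later element writes would overrun. */
size_t naive_bytes(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* The check a conforming calloc() has to make before allocating: the
 * product must fit in size_t.  Dividing avoids the wrap the product
 * itself would suffer. */
int mul_overflows(size_t nmemb, size_t size)
{
    return nmemb != 0 && size > SIZE_MAX / nmemb;
}

/* Hypothetical helper: allocate nmemb * size bytes with calloc()'s
 * overflow contract (NULL and ENOMEM on overflow) but without the zero
 * fill.  One checked routine, so callers need not repeat the arithmetic. */
void *checked_alloc_array(size_t nmemb, size_t size)
{
    if (mul_overflows(nmemb, size)) {
        errno = ENOMEM;
        return NULL;
    }
    return malloc(nmemb * size);
}

/* Returns 1 when the wrapping case behaves as described: the naive
 * product wraps to 0 while both checked paths refuse the request. */
int demo_checks(void)
{
    size_t huge = SIZE_MAX / sizeof(int) + 1;  /* huge * sizeof(int) wraps to 0 */
    return naive_bytes(huge, sizeof(int)) == 0
        && checked_alloc_array(huge, sizeof(int)) == NULL
        && calloc(huge, sizeof(int)) == NULL;   /* conforming calloc() refuses too */
}

int main(void)
{
    size_t huge = SIZE_MAX / sizeof(int) + 1;
    printf("naive byte count for %zu ints: %zu\n", huge,
           naive_bytes(huge, sizeof(int)));
    printf("checked paths refuse the request: %s\n", demo_checks() ? "yes" : "no");
    return demo_checks() ? 0 : 1;
}
```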