From nobody Fri Oct  3 17:48:29 2025
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cdbk61ghWz6BHc5;
	Fri, 03 Oct 2025 17:48:30 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4cdbk56kBYz3TVZ;
	Fri, 03 Oct 2025 17:48:29 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1759513710;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=QRDkk9LTWWne52bskYn9C7AnPpyNSxWVge0o35kxZVo=;
	b=PeBRoFciHwdpQ6QsjCbt8V2yESLztjAHcnE+Hqws3THTmNTWnhBV7nSRsXXMrJTL4Ekkte
	fQYqLI+1ZX9yDgB2THg7Zzx36XuCRwBwkAumVhPYfe8lOd8xjhdR8a+LBJdMLZF8YPagYj
	Bx2l7tuHcQ3t++N2kOnaMETfuXYF+qb7EwCrTi877WhgtBIK1VTndTr/Juhq5Sn9k5bo+1
	kAM6fIsU/5v2PzIG5i8gQViP/2AcTpMkjfT3iD4x8Nt6XmRsq2/ypRid6hFLIMk9FWwiwV
	C5vBAjbUgRO9bYMIu4pycXypOF7bYKOPrb8GKKGmMh6kgG4pyLbhXkHtPREzDA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1759513710;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=QRDkk9LTWWne52bskYn9C7AnPpyNSxWVge0o35kxZVo=;
	b=fZA8rOf2NgXN/DHAZQw0/NSJUSrkVj7oS2rwctgXmRZRfzkfszFcMfJXdiKNmic/G6s3Bn
	TDu/D9w8z2VOR60AmaWHIEdaqNvMpxH8EJgLN+gyFpBzOMiMOApSECJ+DpJSQgBiLh64bw
	zJAZwYM/gpxhKbkdYTUIyAddJFseS2QIFHTiD8mD4SeCzDoj7HrI1sq5tc0dIO7joXJt7k
	QhwbA4fqecK18CQCYzAPSQuastFdFUnuUpsm/I+rxmdn5uNFoBjhxOjv9AAxAHojbCyBrT
	MaiByICSehmXyi/viwt54k/D7jVo5aQibgwgM7FqsYCtC2bZ8yHNmKiQ2FkAIQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1759513710; a=rsa-sha256; cv=none;
	b=J/jI8AHH/XNlQOGtxnua632DOy1IhCXGGCMGI9XlguiDeXcpAMfBUl7t63UPKmaH/gKBuk
	awq9qCf/4tl165yuWgfFIAqtRJlaBk2Wp8U/Czdo3yk6ajFcYmRdSoXJQGfU5Nf5h7TnBc
	NeLWb5caEZAUL6yhup5d0XswiVx2YQBiE5db94KAiZSC5iO0Phy4tDHaU3OTGKx/a4K3mt
	QL3pW1aHldcCeN0okM2nEO0RBZxF8ciaCITQFhln+zA6W6sXizLXSfjVR30nTXzW6PS5kV
	OYlUc/5B7Lm3J/y8/AhbO0An52YzIwzZ1GWOhykO+RaViX+JupW9ZJTaHJgmLA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cdbk56KcQz14j5;
	Fri, 03 Oct 2025 17:48:29 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 593HmT8c060776;
	Fri, 3 Oct 2025 17:48:29 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 593HmTBK060773;
	Fri, 3 Oct 2025 17:48:29 GMT
	(envelope-from git)
Date: Fri, 3 Oct 2025 17:48:29 GMT
Message-Id: <202510031748.593HmTBK060773@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Robert Clausecker <fuz@FreeBSD.org>
Subject: git: 7233893e9496 - main - lib{c,openbsd}: use ckd_mul()
  for overflow checking in re(c)allocarray
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: fuz
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 7233893e949689d378d38c11651e68321deed12c
Auto-Submitted: auto-generated

The branch main has been updated by fuz:

URL: https://cgit.FreeBSD.org/src/commit/?id=7233893e949689d378d38c11651e68321deed12c

commit 7233893e949689d378d38c11651e68321deed12c
Author:     Robert Clausecker <fuz@FreeBSD.org>
AuthorDate: 2025-10-02 13:26:46 +0000
Commit:     Robert Clausecker <fuz@FreeBSD.org>
CommitDate: 2025-10-03 17:45:54 +0000

    lib{c,openbsd}: use ckd_mul() for overflow checking in re(c)allocarray
    
    Summary:
    This makes the code easier to understand and slightly faster,
    but requires C23.  calloc() would  benefit, too, but I didn't
    want to touch the imported jemalloc code base.
    
    Reviewed by:    kib
    Differential Revision:  https://reviews.freebsd.org/D52854
---
 lib/libc/stdlib/reallocarray.c | 14 +++++---------
 lib/libopenbsd/recallocarray.c | 15 +++------------
 2 files changed, 8 insertions(+), 21 deletions(-)

diff --git a/lib/libc/stdlib/reallocarray.c b/lib/libc/stdlib/reallocarray.c
index 0868804486cc..3632734c84de 100644
--- a/lib/libc/stdlib/reallocarray.c
+++ b/lib/libc/stdlib/reallocarray.c
@@ -17,23 +17,19 @@
 
 #include <sys/types.h>
 #include <errno.h>
+#include <stdckdint.h>
 #include <stdint.h>
 #include <stdlib.h>
 
-/*
- * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
- * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW
- */
-#define MUL_NO_OVERFLOW	((size_t)1 << (sizeof(size_t) * 4))
-
 void *
 reallocarray(void *optr, size_t nmemb, size_t size)
 {
+	size_t nbytes;
 
-	if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
-	    nmemb > 0 && SIZE_MAX / nmemb < size) {
+	if (ckd_mul(&nbytes, nmemb, size)) {
 		errno = ENOMEM;
 		return (NULL);
 	}
-	return (realloc(optr, size * nmemb));
+
+	return (realloc(optr, nbytes));
 }
diff --git a/lib/libopenbsd/recallocarray.c b/lib/libopenbsd/recallocarray.c
index 11e1fda744c7..cbf1fb2470cf 100644
--- a/lib/libopenbsd/recallocarray.c
+++ b/lib/libopenbsd/recallocarray.c
@@ -16,17 +16,12 @@
  */
 
 #include <errno.h>
+#include <stdckdint.h>
 #include <stdlib.h>
 #include <stdint.h>
 #include <string.h>
 #include <unistd.h>
 
-/*
- * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
- * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW
- */
-#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))
-
 void *recallocarray(void *, size_t, size_t, size_t);
 
 void *
@@ -38,19 +33,15 @@ recallocarray(void *ptr, size_t oldnmemb, size_t newnmemb, size_t size)
 	if (ptr == NULL)
 		return calloc(newnmemb, size);
 
-	if ((newnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
-	    newnmemb > 0 && SIZE_MAX / newnmemb < size) {
+	if (ckd_mul(&newsize, newnmemb, size)) {
 		errno = ENOMEM;
 		return NULL;
 	}
-	newsize = newnmemb * size;
 
-	if ((oldnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
-	    oldnmemb > 0 && SIZE_MAX / oldnmemb < size) {
+	if (ckd_mul(&oldsize, oldnmemb, size)) {
 		errno = EINVAL;
 		return NULL;
 	}
-	oldsize = oldnmemb * size;
 	
 	/*
 	 * Don't bother too much if we're shrinking just a bit,