cleanup reallocarr(3)

src/distrib/sets/lists/comp/mi

@@ -6395,6 +6395,7 @@
 ./usr/share/man/cat3/erase.0			comp-c-catman		.cat
 ./usr/share/man/cat3/erasechar.0		comp-c-catman		.cat
 ./usr/share/man/cat3/erealloc.0			comp-c-catman		.cat
+./usr/share/man/cat3/ereallocarr.0		comp-c-catman		.cat
 ./usr/share/man/cat3/erf.0			comp-c-catman		.cat
 ./usr/share/man/cat3/erfc.0			comp-c-catman		.cat
 ./usr/share/man/cat3/erfcf.0			comp-c-catman		.cat
@@ -13280,6 +13281,7 @@
 ./usr/share/man/html3/erase.html		comp-c-htmlman		html
 ./usr/share/man/html3/erasechar.html		comp-c-htmlman		html
 ./usr/share/man/html3/erealloc.html		comp-c-htmlman		html
+./usr/share/man/html3/ereallocarr.html		comp-c-htmlman		html
 ./usr/share/man/html3/erf.html			comp-c-htmlman		html
 ./usr/share/man/html3/erfc.html			comp-c-htmlman		html
 ./usr/share/man/html3/erfcf.html		comp-c-htmlman		html
@@ -20076,6 +20078,7 @@
 ./usr/share/man/man3/erase.3			comp-c-man		.man
 ./usr/share/man/man3/erasechar.3		comp-c-man		.man
 ./usr/share/man/man3/erealloc.3			comp-c-man		.man
+./usr/share/man/man3/ereallocarr.3		comp-c-man		.man
 ./usr/share/man/man3/erf.3			comp-c-man		.man
 ./usr/share/man/man3/erfc.3			comp-c-man		.man
 ./usr/share/man/man3/erfcf.3			comp-c-man		.man

src/include/util.h

@@ -152,6 +152,7 @@ uintmax_t	estrtou(const char *, int, uintmax_t, uintmax_t);
 void 		*ecalloc(size_t, size_t);
 void 		*emalloc(size_t);
 void 		*erealloc(void *, size_t);
+void 		ereallocarr(void *, size_t, size_t);
 struct __sFILE	*efopen(const char *, const char *);
 int	 	easprintf(char ** __restrict, const char * __restrict, ...)
 			__printflike(2, 3);

src/lib/libc/stdlib/Makefile.inc

@@ -52,7 +52,7 @@ MAN+=	a64l.3 abort.3 abs.3 alloca.3 atexit.3 atof.3 atoi.3 atol.3 atoll.3 \
 	malloc.3 memory.3 mi_vector_hash.3 \
 	posix_memalign.3 posix_openpt.3 ptsname.3 \
 	qabs.3 qdiv.3 quick_exit.3 qsort.3 \
-	radixsort.3 rand48.3 rand.3 random.3 reallocarr.3 reallocarray.3 \
+	radixsort.3 rand48.3 rand.3 random.3 reallocarray.3 \
 	strfmon.3 strsuftoll.3 strtod.3 strtol.3 strtoul.3 strtonum.3 \
 	system.3 \
 	tsearch.3 \
@@ -73,7 +73,8 @@ MLINKS+=hcreate.3 hcreate_r.3 hcreate.3 hdestroy_r.3 hcreate.3 hsearch_r.3
 MLINKS+=hcreate.3 hdestroy1.3 hcreate.3 hdestroy1_r.3
 MLINKS+=insque.3 remque.3
 MLINKS+=lsearch.3 lfind.3
-MLINKS+=malloc.3 calloc.3 malloc.3 realloc.3 malloc.3 free.3
+MLINKS+=malloc.3 calloc.3 malloc.3 realloc.3 malloc.3 reallocarr.3
+MLINKS+=malloc.3 free.3
 MLINKS+=qsort.3 heapsort.3 qsort.3 mergesort.3
 MLINKS+=ptsname.3 ptsname_r.3
 MLINKS+=rand.3 rand_r.3

src/lib/libc/stdlib/malloc.3

@@ -34,11 +34,11 @@
 .\"     @(#)malloc.3	8.1 (Berkeley) 6/4/93
 .\" $FreeBSD: src/lib/libc/stdlib/malloc.3,v 1.73 2007/06/15 22:32:33 jasone Exp $
 .\"
-.Dd February 5, 2015
+.Dd March 17, 2015
 .Dt MALLOC 3
 .Os
 .Sh NAME
-.Nm malloc , calloc , realloc , free
+.Nm malloc , calloc , realloc , reallocarr , free
 .Nd general purpose memory allocation functions
 .Sh LIBRARY
 .Lb libc
@@ -50,6 +50,8 @@
 .Fn calloc "size_t number" "size_t size"
 .Ft void *
 .Fn realloc "void *ptr" "size_t size"
+.Ft int
+.Fn reallocarr "void *ptr" "size_t number" "size_t size"
 .Ft void
 .Fn free "void *ptr"
 .Sh DESCRIPTION
@@ -106,6 +108,35 @@ function behaves identically to
 for the specified size.
 .Pp
 The
+.Fn reallocarr
+function is a safe extension to
+.Fn realloc ,
+it reallocates the memory in
+.Fa *ptr
+to
+.Fa number
+objects, each
+.Fa size
+bytes in length.
+If the new length is equal to 0 then
+.Fn free
+is called for the given
+.Fa *ptr .
+On successful completion
+.Fn reallocarr
+updates
+.Fa *ptr ,
+otherwise the referenced memory is unmodified.
+This implies that
+.Fn reallocarr
+with new
+.Dv 0
+byte length will set
+.Fa *ptr
+to
+.Dv NULL .
+.Pp
+The
 .Fn free
 function causes the allocated memory referenced by
 .Fa ptr
@@ -146,6 +177,18 @@ function always leaves the original buffer intact
 when an error occurs.
 .Pp
 The
+.Fn reallocarr
+function returns reallocation status and guarantees to leave errno unchanged.
+The return status is preserved from the wrapped
+.Fn realloc
+call or set to
+.Er EOVERFLOW
+when overflow is detected in the multiplication of
+.Fa number
+and
+.Fa size .
+.Pp
+The
 .Fn free
 function returns no value.
 .Sh EXAMPLES
@@ -253,7 +296,6 @@ size = newsize;
 .Xr getpagesize 3 ,
 .Xr memory 3 ,
 .Xr posix_memalign 3 ,
-.Xr reallocarr 3
 .Pp
 For the implementation details, see
 .Xr jemalloc 3 .
@@ -266,3 +308,80 @@ and
 .Fn free
 functions conform to
 .St -isoC .
+.Pp
+.Fn reallocarr
+is a
+.Nx
+extension.
+.Sh HISTORY
+A
+.Fn free
+internal kernel function and a predecessor to
+.Fn malloc ,
+.Fn alloc ,
+first appeared in
+.At v1 .
+C library functions
+.Fn alloc
+and
+.Fn free
+appeared in
+.At v6 .
+The functions
+.Fn malloc ,
+.Fn calloc ,
+and
+.Fn realloc
+first appeared in
+.At v7 .
+.Pp
+A new implementation by Chris Kingsley was introduced in
+.Bx 4.2 ,
+followed by a complete rewrite by Poul-Henning Kamp (
+.Dq phk's malloc
+or
+.Dq new malloc
+) which appeared in
+.Fx 2.2
+and was included in
+.Nx  1.5
+and
+.Ox 2.0 .
+These implementations were all
+.Xr sbrk 2
+based.
+.Pp
+The
+.Fn jemalloc 3
+allocator became the default system allocator first in
+.Fx 7.0
+and then in
+.Nx 5.0 .
+.Pp
+.Fn reallocarr
+first appeared in
+.Nx 8.0 .
+.Sh CAVEATS
+When using
+.Fn malloc
+or
+.Fn realloc
+be wary of overflow when there is multiplication in the
+.Fa size
+argument.
+.Pp
+Signed integer overflow will cause undefined behavior which compilers
+typically handle by wrapping back around to negative numbers.
+Depending on the input, this can result in allocating more or less
+memory than intended.
+.Pp
+An unsigned overflow has defined behavior which will wrap back around and
+return less memory than intended.
+.Pp
+A signed or unsigned integer overflow is a
+.Em security
+risk if less memory is returned than intended.
+Subsequent code may corrupt the heap by writing beyond the memory that was
+allocated.
+An attacker may be able to leverage this heap corruption to execute arbitrary
+code.

src/lib/libc/stdlib/reallocarr.c

@@ -49,24 +49,24 @@ __weak_alias(reallocarr, _reallocarr)
 #endif
 
 int
-reallocarr(void *ptr, size_t num, size_t size)
+reallocarr(void *ptr, size_t number, size_t size)
 {
 	int saved_errno, result;
 	void *optr;
 	void *nptr;
 
-	memcpy(&optr, ptr, sizeof(ptr));
 	saved_errno = errno;
-	if (num == 0 || size == 0) {
+	memcpy(&optr, ptr, sizeof(ptr));
+	if (number == 0 || size == 0) {
 		free(optr);
 		nptr = NULL;
 		memcpy(ptr, &nptr, sizeof(ptr));
 		errno = saved_errno;
 		return 0;
 	}
-	if ((num >= 65535 || size >= 65535) && num > SIZE_MAX / size)
+	if ((number >= 65535 || size >= 65535) && number > SIZE_MAX / size)
 		return EOVERFLOW;
-	nptr = realloc(optr, num * size);
+	nptr = realloc(optr, number * size);
 	if (nptr == NULL) {
 		result = errno;
 	} else {

src/lib/libc/stdlib/reallocarray.c

@@ -1,3 +1,4 @@
+/*	$NetBSD: $	*/
 /*	$OpenBSD: reallocarray.c,v 1.1 2014/05/08 21:43:49 deraadt Exp $	*/
 
 /*-

src/lib/libutil/Makefile

@@ -82,6 +82,7 @@ MLINKS+=efun.3 estrtou.3
 MLINKS+=efun.3 emalloc.3
 MLINKS+=efun.3 ecalloc.3
 MLINKS+=efun.3 erealloc.3
+MLINKS+=efun.3 ereallocarr.3
 MLINKS+=efun.3 efopen.3
 MLINKS+=efun.3 evasprintf.3
 MLINKS+=stat_flags.3 string_to_flags.3

src/lib/libutil/efun.3

@@ -37,6 +37,7 @@
 .Nm emalloc ,
 .Nm ecalloc ,
 .Nm erealloc ,
+.Nm ereallocarr ,
 .Nm estrdup ,
 .Nm estrndup ,
 .Nm estrlcat ,
@@ -61,6 +62,8 @@
 .Fn emalloc "size_t n"
 .Ft void *
 .Fn erealloc "void *p" "size_t n"
+.Ft void
+.Fn ereallocarr "void *p" "size_t n" "size_t n"
 .Ft char *
 .Fn estrdup "const char *s"
 .Ft char *
@@ -82,6 +85,7 @@ The
 .Fn ecalloc ,
 .Fn emalloc ,
 .Fn erealloc ,
+.Fn ereallocarr ,
 .Fn estrdup ,
 .Fn estrndup ,
 .Fn estrlcat ,
@@ -118,6 +122,7 @@ error handler will just call
 .Xr fopen 3 ,
 .Xr malloc 3 ,
 .Xr realloc 3 ,
+.Xr reallocarr 3 ,
 .Xr strdup 3 ,
 .Xr strlcat 3 ,
 .Xr strlcpy 3 ,
@@ -127,8 +132,9 @@ error handler will just call
 .Xr vasprintf 3
 .Sh HISTORY
 The
-.Fn estrtoi
+.Fn estrtoi ,
+.Fn estrtou ,
 and
-.Fn estrtou
+.Fn ereallocarr
 functions were added in
 .Nx 8 .