1 files changed, 13 insertions, 32 deletions
diff --git a/src/lib/libc/stdlib/malloc.3 b/src/lib/libc/stdlib/malloc.3
index 3c4d01f816..09b901e359 100644
--- a/src/lib/libc/stdlib/malloc.3
+++ b/src/lib/libc/stdlib/malloc.3
@@ -30,9 +30,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     $OpenBSD: malloc.3,v 1.106 2017/03/24 16:17:50 otto Exp $
+.\"     $OpenBSD: malloc.3,v 1.107 2017/03/26 09:21:33 otto Exp $
 .\"
-.Dd $Mdocdate: March 24 2017 $
+.Dd $Mdocdate: March 26 2017 $
 .Dt MALLOC 3
 .Os
 .Sh NAME
@@ -164,20 +164,11 @@ pointer, no action occurs.
 If
 .Fa ptr
 was previously freed by
-.Fn free ,
+.Fn free
-.Fn realloc ,
+or an allocation function,
-.Fn reallocarray
-or
-.Fn recallocarray ,
 the behavior is undefined and the double free is a security concern.
 .Sh RETURN VALUES
-Upon successful completion, the functions
+Upon successful completion, the allocation functions
-.Fn malloc ,
-.Fn calloc ,
-.Fn realloc ,
-.Fn reallocarray
-and
-.Fn recallocarray
 return a pointer to the allocated space; otherwise, a
 .Dv NULL
 pointer is returned and
@@ -380,9 +371,10 @@ if ((p = malloc(size * num)) == NULL)
 Assuming the implementation checks for integer overflow as
 .Ox
 does, it is much easier to use
-.Fn calloc
+.Fn calloc ,
+.Fn reallocarray ,
 or
-.Fn reallocarray .
+.Fn recallocarray .
 .Pp
 The above examples could be simplified to:
 .Bd -literal -offset indent
@@ -396,14 +388,7 @@ if ((p = calloc(num, size)) == NULL)
        err(1, NULL);
 .Ed
 .Sh DIAGNOSTICS
-If
+If any of the functions detect an error condition,
-.Fn malloc ,
-.Fn calloc ,
-.Fn realloc ,
-.Fn reallocarray ,
-or
-.Fn free
-detect an error condition,
 a message will be printed to file descriptor
 2 (not using stdio).
 Errors will result in the process being aborted.
@@ -413,12 +398,7 @@ Here is a brief description of the error messages and what they mean:
 .It Dq out of memory
 If the
 .Cm X
-option is specified it is an error for
+option is specified it is an error for the allocation functions
-.Fn malloc ,
-.Fn calloc ,
-.Fn realloc ,
-or
-.Fn reallocarray
 to return
 .Dv NULL .
 .It Dq malloc init mmap failed
@@ -588,9 +568,10 @@ An attacker may be able to leverage this heap corruption to execute arbitrary
 code.
 .Pp
 Consider using
-.Fn calloc
+.Fn calloc ,
-or
 .Fn reallocarray
+or
+.Fn recallocarray
 instead of using multiplication in
 .Fn malloc
 and

diff --git a/src/lib/libc/stdlib/malloc.3 b/src/lib/libc/stdlib/malloc.3 index 3c4d01f816..09b901e359 100644 --- a/src/lib/libc/stdlib/malloc.3 +++ b/src/lib/libc/stdlib/malloc.3
@@ -30,9 +30,9 @@
30	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF	30	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31	.\" SUCH DAMAGE.	31	.\" SUCH DAMAGE.
32	.\"	32	.\"
33	.\" $OpenBSD: malloc.3,v 1.106 2017/03/24 16:17:50 otto Exp $	33	.\" $OpenBSD: malloc.3,v 1.107 2017/03/26 09:21:33 otto Exp $
34	.\"	34	.\"
35	.Dd $Mdocdate: March 24 2017 $	35	.Dd $Mdocdate: March 26 2017 $
36	.Dt MALLOC 3	36	.Dt MALLOC 3
37	.Os	37	.Os
38	.Sh NAME	38	.Sh NAME
@@ -164,20 +164,11 @@ pointer, no action occurs.
164	If	164	If
165	.Fa ptr	165	.Fa ptr
166	was previously freed by	166	was previously freed by
167	.Fn free ,	167	.Fn free
168	.Fn realloc ,	168	or an allocation function,
169	.Fn reallocarray
170	or
171	.Fn recallocarray ,
172	the behavior is undefined and the double free is a security concern.	169	the behavior is undefined and the double free is a security concern.
173	.Sh RETURN VALUES	170	.Sh RETURN VALUES
174	Upon successful completion, the functions	171	Upon successful completion, the allocation functions
175	.Fn malloc ,
176	.Fn calloc ,
177	.Fn realloc ,
178	.Fn reallocarray
179	and
180	.Fn recallocarray
181	return a pointer to the allocated space; otherwise, a	172	return a pointer to the allocated space; otherwise, a
182	.Dv NULL	173	.Dv NULL
183	pointer is returned and	174	pointer is returned and
@@ -380,9 +371,10 @@ if ((p = malloc(size * num)) == NULL)
380	Assuming the implementation checks for integer overflow as	371	Assuming the implementation checks for integer overflow as
381	.Ox	372	.Ox
382	does, it is much easier to use	373	does, it is much easier to use
383	.Fn calloc	374	.Fn calloc ,
		375	.Fn reallocarray ,
384	or	376	or
385	.Fn reallocarray .	377	.Fn recallocarray .
386	.Pp	378	.Pp
387	The above examples could be simplified to:	379	The above examples could be simplified to:
388	.Bd -literal -offset indent	380	.Bd -literal -offset indent
@@ -396,14 +388,7 @@ if ((p = calloc(num, size)) == NULL)
396	err(1, NULL);	388	err(1, NULL);
397	.Ed	389	.Ed
398	.Sh DIAGNOSTICS	390	.Sh DIAGNOSTICS
399	If	391	If any of the functions detect an error condition,
400	.Fn malloc ,
401	.Fn calloc ,
402	.Fn realloc ,
403	.Fn reallocarray ,
404	or
405	.Fn free
406	detect an error condition,
407	a message will be printed to file descriptor	392	a message will be printed to file descriptor
408	2 (not using stdio).	393	2 (not using stdio).
409	Errors will result in the process being aborted.	394	Errors will result in the process being aborted.
@@ -413,12 +398,7 @@ Here is a brief description of the error messages and what they mean:
413	.It Dq out of memory	398	.It Dq out of memory
414	If the	399	If the
415	.Cm X	400	.Cm X
416	option is specified it is an error for	401	option is specified it is an error for the allocation functions
417	.Fn malloc ,
418	.Fn calloc ,
419	.Fn realloc ,
420	or
421	.Fn reallocarray
422	to return	402	to return
423	.Dv NULL .	403	.Dv NULL .
424	.It Dq malloc init mmap failed	404	.It Dq malloc init mmap failed
@@ -588,9 +568,10 @@ An attacker may be able to leverage this heap corruption to execute arbitrary
588	code.	568	code.
589	.Pp	569	.Pp
590	Consider using	570	Consider using
591	.Fn calloc	571	.Fn calloc ,
592	or
593	.Fn reallocarray	572	.Fn reallocarray
		573	or
		574	.Fn recallocarray
594	instead of using multiplication in	575	instead of using multiplication in
595	.Fn malloc	576	.Fn malloc
596	and	577	and