Problem reported by Vivien Kraus in:
https://lists.gnu.org/r/bug-gnulib/2025-07/msg00073.html
This module never caught on.
* lib/safe-alloc.h (REALLOC_N): Remove.
* modules/safe-alloc: Now obsolete.
* tests/test-safe-alloc.c (main): Remove REALLOC_N test.
The old implementation assumed that all pointers use the same
internal representation, but the C standard doesn’t guarantee
this. Use void * (pointer) not void ** (pointer-to-pointer) for
the internal functions’ API. The internal functions now return
NULL if and only if they failed, and the macros translate that
into -1 or 0 to satisfy the existing API.
* doc/safe-alloc.texi (Safe Allocation Macros): Mention overflow.
* lib/safe-alloc.c: Major rewrite. Now this simply
defines SAFE_ALLOC_INLINE and includes safe-alloc.h.
* lib/safe-alloc.h: Include stddef.h, not stdlib.h.
(SAFE_ALLOC_INLINE): New macro; use Gnulib inline function style.
(safe_alloc_realloc_n): New API, which passes and returns
the pointer, and which returns NULL if and only if failure occurs.
(safe_alloc_check): New function.
(ALLOC, ALLOC_N, ALLOC_N_UNINITIALIZED, REALLOC_N):
Redo using the new API for internal functions, and using calloc
which is good enough since it’s GNU-compatible now.
(FREE): Expand to an expression rather than merely to something
that needs a following ‘;’ to become a statement.
* modules/safe-alloc (Depends-on): Add calloc-gnu.
* lib/safe-alloc.c: Do not include xalloc-oversized.h.
(safe_alloc_alloc_n, safe_alloc_realloc_n):
Use reallocarray to check for size or ptrdiff_t overflow.
* modules/reallocarray (License): Switch from LGPL to LGPLv2+, as
this is needed for safe-alloc and anyway is more appropriate for
this library function common with BSD.
* modules/safe-alloc (Depends-on): Depend on reallocarray
rather than xalloc-oversized.
Paul Eggert