use recallocarray() because the array contains data that can be observed

diff --git a/libexec/comsat/comsat.c b/libexec/comsat/comsat.c
index 6f75736..ef9a0b4 100644 (file)
--- a/libexec/comsat/comsat.c
+++ b/libexec/comsat/comsat.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: comsat.c,v 1.46 2017/04/02 00:53:37 guenther Exp $    */
+/*     $OpenBSD: comsat.c,v 1.47 2017/04/03 17:07:58 deraadt Exp $     */
 
 /*
  * Copyright (c) 1980, 1993
@@ -186,7 +186,8 @@ doreadutmp(void)
                            sizeof(struct utmp);
                        struct utmp *u;
 
-                       if ((u = realloc(utmp, nutmpsize)) == NULL) {
+                       if ((u = recallocarray(utmp, utmpsize,
+                           nutmpsize, 1)) == NULL) {
                                free(utmp);
                                syslog(LOG_ERR, "%s", strerror(errno));
                                exit(1);