ptrdiff_t overflow checks for malloc-posix etc.

[Paul Eggert]

I installed the attached patches into Gnulib to make its malloc 
replacements ptrdiff_t safe. This should help us move in a direction 
where we can use idx_t (which is signed and therefore safer) for sizes 
and indexes, instead of using size_t.

In creating these patches I found a reasonable amount of cruft of which 
I tried to clean up some (see ChangeLog entry). If I went too far please 
let me know and I’ll work to unclean it.

I initially attempted to come up with new modules malloc-ptrdiff_t, etc. 
but ran into complexity issues with all the possible combinations the 
various malloc modules. So instead, I simply added the fixes to 
malloc-posix, realloc-posix, and realloc-posix, where they will 
automatically percolate into malloc-gnu etc.

Come to think of it, why do we have both malloc-gnu and malloc-posix 
modules (and similarly for calloc and realloc)?  Was it because GNU 
realloc was incompatible with C99 realloc, so we needed realloc-gnu vs 
realloc-posix modules?  If so, I suggest that we stop worrying about it, 
as that worry is now obsolete - C17 allows the GNU behavior.

In other words, I suggest that we remove malloc-posix, realloc-posix and 
calloc-posix, or failing that simply make them obsolete compatibility 
aliases for malloc-gnu etc. This would simplify the configuration of 
malloc-using code, and any runtime cost would surely be insignificant 
(and would occur only on older or non-GNU hosts).

The first attached patch does the heavy lifting; the second shows how 
the xalloc module can be simplified because of the malloc etc. fixes. 
Other simplifications are possible elsewhere; one step at a time.

0001-malloc-etc.-check-for-ptrdiff_t-overflow.patch
Description: Text Data

0002-xalloc-adjust-to-malloc-ptrdiff_t-change.patch
Description: Text Data