found with regress/usr.bin/mandoc/db/dbm_dump;
OK jmc@

definite value in the size == 0 case

is not initialized. Problem spotted by Carlin Bingham; ok phessler@ tedu@

prefix if the character following it is a valid hex char.  The C99
standard is clear that given the string "0xy" zero should be returned
and endptr set to point to the "x".  OK deraadt@ espie@

From Klemens Nanni

src/lib/libc/gen/tree.c is a copy of src/sys/kern/subr_tree.c, but with
annotations for symbol visibility. changes to one should be reflected
in the other.
the malloc debug code that uses RB code is ported to RBT.
because libc provides the RBT code, procmap doesn't have to reach into
the kernel and build subr_tree.c itself now.
mild enthusiasm from many
ok guenther@

insertion sort (when the number of elements is < 7).

Previously they would be swapped a byte at a time when sizeof(int)
!= sizeof(long).  Idea from FreeBSD.

exceeds 2 lg N and add a reference to the introsort paper.

when the recursion depth reaches 2*lg(n + 1).  This avoids quicksort's
quadratic behavior for pathological input without appreciably
changing the average run time.

side of the array being partitioned to save on stack space.  Greater
savings can be gained by choosing recursion for the smaller side
of the partition and eliminating recursion for the larger side.
This also results in a small but measurable performance gain.
OK otto@ schwarze@

From "fenderq" on freenode via tj@

- document posix_memalign() does not play nice with reacallocarray(3) and
freezero(3)

use fallback mechanims if unsuccessful.
The design of Linux getrandom is broken.  It has an
uninitialized phase coupled with blocking behaviour, which
is unacceptable from within a library at boot time without
possible recovery.
ok deraadt@ jsing@

size if canaries are enabled. In that case we have the exact requested
size of the allocation.  But we can at least check the given size
against the chunk size if C is not enabled. Plus add some braces
so my brain doesn't have to scan for dangling else problems when I
see this code.

to separate the open(/dev/ptm) from the ioctl(PTMGET) for privilege
separation or pledge().
Based on a diff from reyk@.
ok deraadt millert

and ok jeremy@

misaligned memory accesses with armv7 ramdisk -Os bsd.rd ping
ok florian millert

version uses the two-way string matching algorithm and is faster
than the old implementation.  With this change, ports that check
for strstr having linear complexity time strstr will no longer
replace the libc strstr with a private version.
OK deraadt@ espie@

In our privsep model, imsg is often used to transport sensitive
information between processes.  But a process might free an imsg, and
reuse the memory for a different thing.  iked uses some
explicit_bzero() to clean imsg-buffer but doing it in the library with
the freezero() is less error-prone and also benefits other daemons.
OK deraadt@ jsing@ claudio@

no longer has access to the content of a memmory object. It does
this by either clearing (if the object memory remains cached) or
by calling munmap(2). ok millert@, deraadt@, guenther@

ok deraadt@

detected wrt recallocarray()

ok jmc@ deraadt@

from David CARLIER

never occur

- use internal meta-data to do more consistency checking (especially with
option C)
- use cheap free if possible
ok deraadt@

more portable. Add stdint.h to the headers in imsg_init(3).
No objections from millert@.

make the behaviour -> use case connection.
help from jmc and jsing

the standard realloc*() functions can leave behind.  imsg buffers are
sometimes used in protocol stacks which require some secrecy, and layering
violations would be needed to resolve this issue otherwise.
Discussed with many.

on additions.  This allows scan_scaled to work up to +/-LLONG_MAX (LLONG_MIN
will still be flagged as a range error).  ok millert@

ok djm@ millert@

ok deraadt@ djm@

using AFL against ssh_config. ok deraadt@ millert@

help and ok from tom@ and deraadt@