From: "Theo de Raadt" <deraadt@openbsd.org>
Subject: Re: watch(1) - periodically execute a command and display its output
To: Job Snijders <job@openbsd.org>
Cc: tech@openbsd.org
Date: Mon, 19 May 2025 18:45:00 -0600

+       cmdstr = "";
+       for (i = 0; i < argc; i++) {
+               cmdv[i] = argv[i];
+               while (strlen(cmdstr) + strlen(argv[i]) + 3 > cmdsiz) {
+                       if (cmdsiz == 0) {
+                               cmdsiz = 128;
+                               if ((s = calloc(cmdsiz, 1)) == NULL)
+                                       err(1, NULL);
+                       } else {
+                               cmdsiz *= 2;
+                               s = realloc(cmdstr, cmdsiz);
+                       }
+                       if (s == NULL)
+                               err(EX_OSERR, "malloc");
+                       cmdstr = s;
+               }
+               if (i != 0)
+                       strlcat(cmdstr, " ", cmdsiz);
+               strlcat(cmdstr, argv[i], cmdsiz);
+       }
+       cmdv[i++] = NULL;

This construct is weird, because all the fields are known.

It could use one loop to add up the sizes, perform one malloc, then another
loop to fill the string.