fix calloc when __simple_malloc implementation is used

previously, calloc's implementation encoded assumptions about the
implementation of malloc, accessing a size_t word just prior to the
allocated memory to determine if it was obtained by mmap to optimize
out the zero-filling. when __simple_malloc is used (static linking a
program with no realloc/free), it doesn't matter if the result of this
check is wrong, since all allocations are zero-initialized anyway. but
the access could be invalid if it crosses a page boundary or if the
pointer is not sufficiently aligned, which can happen for very small
allocations.

this patch fixes the issue by moving the zero-fill logic into malloc.c
with the full malloc, as a new function named __malloc0, which is
provided by a weak alias to __simple_malloc (which always gives
zero-filled memory) when the full malloc is not in use.

src/malloc/calloc.c

@@ -1,22 +1,13 @@
 #include <stdlib.h>
 #include <errno.h>
 
+void *__malloc0(size_t);
+
 void *calloc(size_t m, size_t n)
 {
-	void *p;
-	size_t *z;
 	if (n && m > (size_t)-1/n) {
 		errno = ENOMEM;
 		return 0;
 	}
-	n *= m;
-	p = malloc(n);
-	if (!p) return 0;
-	/* Only do this for non-mmapped chunks */
-	if (((size_t *)p)[-1] & 7) {
-		/* Only write words that are not already zero */
-		m = (n + sizeof *z - 1)/sizeof *z;
-		for (z=p; m; m--, z++) if (*z) *z=0;
-	}
-	return p;
+	return __malloc0(n * m);
 }

src/malloc/lite_malloc.c

@@ -47,3 +47,4 @@ void *__simple_malloc(size_t n)
 }
 
 weak_alias(__simple_malloc, malloc);
+weak_alias(__simple_malloc, malloc0);

src/malloc/malloc.c

@@ -356,6 +356,17 @@ void *malloc(size_t n)
 	return CHUNK_TO_MEM(c);
 }
 
+void *__malloc0(size_t n)
+{
+	void *p = malloc(n);
+	if (p && !IS_MMAPPED(MEM_TO_CHUNK(p))) {
+		size_t *z;
+		n = (n + sizeof *z - 1)/sizeof *z;
+		for (z=p; n; n--, z++) if (*z) *z=0;
+	}
+	return p;
+}
+
 void *realloc(void *p, size_t n)
 {
 	struct chunk *self, *next;