Index: lib/libgssapi/gss_buffer_set.c
===================================================================
--- lib/libgssapi/gss_buffer_set.c
+++ lib/libgssapi/gss_buffer_set.c
@@ -76,8 +76,8 @@
 	}
 
 	set = *buffer_set;
-	set->elements = realloc(set->elements,
-	    (set->count + 1) * sizeof(set->elements[0]));
+	set->elements = reallocarray(set->elements, set->count + 1,
+	    sizeof(set->elements[0]));
 	if (set->elements == NULL) {
 		*minor_status = ENOMEM;
 		return (GSS_S_FAILURE);
Index: lib/libiconv_modules/ISO2022/citrus_iso2022.c
===================================================================
--- lib/libiconv_modules/ISO2022/citrus_iso2022.c
+++ lib/libiconv_modules/ISO2022/citrus_iso2022.c
@@ -259,8 +259,8 @@
 	if (!ei->recommend[i])
 		ei->recommend[i] = malloc(sizeof(_ISO2022Charset));
 	else {
-		p = realloc(ei->recommend[i],
-		    sizeof(_ISO2022Charset) * (ei->recommendsize[i] + 1));
+		p = reallocarray(ei->recommend[i], ei->recommendsize[i] + 1,
+		    sizeof(_ISO2022Charset));
 		if (!p)
 			return (_PARSEFAIL);
 		ei->recommend[i] = p;
Index: lib/libutil/gr_util.c
===================================================================
--- lib/libutil/gr_util.c
+++ lib/libutil/gr_util.c
@@ -205,7 +205,7 @@
 			if (eof)
 				break;
 			while ((size_t)(q - p) >= size) {
-				if ((tmp = realloc(buf, size * 2)) == NULL) {
+				if ((tmp = reallocarray(buf, 2, size)) == NULL) {
 					warnx("group line too long");
 					goto err;
 				}
Index: lib/libutil/login_cap.c
===================================================================
--- lib/libutil/login_cap.c
+++ lib/libutil/login_cap.c
@@ -86,7 +86,7 @@
 
     if (sz <= internal_arraysz)
 	p = internal_array;
-    else if ((p = realloc(internal_array, sz * sizeof(char*))) != NULL) {
+    else if ((p = reallocarray(internal_array, sz, sizeof(char*))) != NULL) {
 	internal_arraysz = sz;
 	internal_array = p;
     }
Index: lib/libutil/pw_util.c
===================================================================
--- lib/libutil/pw_util.c
+++ lib/libutil/pw_util.c
@@ -468,7 +468,7 @@
 			if (eof)
 				break;
 			while ((size_t)(q - p) >= size) {
-				if ((tmp = realloc(buf, size * 2)) == NULL) {
+				if ((tmp = reallocarray(buf, 2, size)) == NULL) {
 					warnx("passwd line too long");
 					goto err;
 				}