Implement reallocarray()
Stateless and I stumbled upon this issue while discussing the semantics of read, accepting a size_t but only being able to return ssize_t, effectively lacking the ability to report successful reads > SSIZE_MAX. The discussion went along and we came to the topic of input-based memory allocations. Basically, it was possible for the argument to a memory-allocation-function to overflow, leading to a segfault later. The OpenBSD-guys came up with the ingenious reallocarray-function, and I implemented it as ereallocarray, which automatically returns on error. Read more about it here[0]. A simple testcase is this (courtesy of stateless): $ sbase-strings -n (2^(32|64) / 4) This will segfault before this patch and properly return an OOM situation afterwards (thanks to the overflow-check in reallocarray). [0]: http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/calloc.3
4
printf.c
4
printf.c
@@ -111,7 +111,7 @@ main(int argc, char *argv[])
|
||||
break;
|
||||
case 'c':
|
||||
unescape(arg);
|
||||
rarg = emalloc((utflen(arg) + 1) * sizeof(*rarg));
|
||||
rarg = ereallocarray(rarg, utflen(arg) + 1, sizeof(*rarg));
|
||||
utftorunestr(arg, rarg);
|
||||
efputrune(rarg, stdout, "<stdout>");
|
||||
free(rarg);
|
||||
@@ -125,7 +125,7 @@ main(int argc, char *argv[])
|
||||
if (arg[j] == '\'' || arg[j] == '\"') {
|
||||
arg += j + 1;
|
||||
unescape(arg);
|
||||
rarg = emalloc((utflen(arg) + 1) * sizeof(*rarg));
|
||||
rarg = ereallocarray(rarg, utflen(arg) + 1, sizeof(*rarg));
|
||||
utftorunestr(arg, rarg);
|
||||
num = rarg[0];
|
||||
} else
|
||||
|
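Review bot: Passing `rarg` as the old pointer in `rarg = ereallocarray(rarg, utflen(arg) + 1, sizeof(*rarg));` is only safe if `rarg` is NULL or a live allocation at that point, and the `case 'c':` hunk ends with `free(rarg);` without resetting it. If this branch is reached again in main's surrounding loop (not visible in the hunk), the next call would hand a freed pointer to the reallocating function, which is a use-after-free or double free; an uninitialized `rarg` on the first pass would be equally undefined. The buffer is never grown here, so `rarg = ereallocarray(NULL, utflen(arg) + 1, sizeof(*rarg));` keeps the multiplication overflow check while preserving the fresh-allocation semantics of the old `emalloc` line. The same applies to the second hunk at `@@ -125,7`, where no `free(rarg)` is visible and the declaration and initial value of `rarg` lie outside both hunks.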