X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/32874aeac8dacbca26663777b39a79efc5d8dc4b..5fd70d0768f86274b22e73f3cd8f59fec0325e36:/puttymem.h diff --git a/puttymem.h b/puttymem.h index 938e340b..941aded3 100644 --- a/puttymem.h +++ b/puttymem.h @@ -11,27 +11,42 @@ /* #define MALLOC_LOG do this if you suspect putty of leaking memory */ #ifdef MALLOC_LOG -#define smalloc(z) (mlog(__FILE__,__LINE__), safemalloc(z)) -#define srealloc(y,z) (mlog(__FILE__,__LINE__), saferealloc(y,z)) +#define smalloc(z) (mlog(__FILE__,__LINE__), safemalloc(z,1)) +#define snmalloc(z,s) (mlog(__FILE__,__LINE__), safemalloc(z,s)) +#define srealloc(y,z) (mlog(__FILE__,__LINE__), saferealloc(y,z,1)) +#define snrealloc(y,z,s) (mlog(__FILE__,__LINE__), saferealloc(y,z,s)) #define sfree(z) (mlog(__FILE__,__LINE__), safefree(z)) void mlog(char *, int); #else -#define smalloc safemalloc -#define srealloc saferealloc +#define smalloc(z) safemalloc(z,1) +#define snmalloc safemalloc +#define srealloc(y,z) saferealloc(y,z,1) +#define snrealloc saferealloc #define sfree safefree #endif -void *safemalloc(size_t); -void *saferealloc(void *, size_t); +void *safemalloc(size_t, size_t); +void *saferealloc(void *, size_t, size_t); void safefree(void *); - -/* smalloc a thing */ -#define smalloca(type) ((type *) smalloc (sizeof (type))) -/* smalloc a copy of a thing */ -#define smallocc(ptr) memcpy (smalloc (sizeof (*ptr)), ptr, sizeof (*ptr)) -/* smalloc n things */ -#define smallocn(n,type) ((type *) smalloc ((n) * sizeof (type))) - +/* + * Direct use of smalloc within the code should be avoided where + * possible, in favour of these type-casting macros which ensure + * you don't mistakenly allocate enough space for one sort of + * structure and assign it to a different sort of pointer. + * + * The nasty trick in sresize with sizeof arranges for the compiler, + * in passing, to type-check the expression ((type *)0 == (ptr)), i.e. + * to type-check that the input pointer is a pointer to the correct + * type. The construction sizeof(stuff) ? (b) : (b) looks like a + * violation of the first principle of safe macros, but in fact it's + * OK - although it _expands_ the macro parameter more than once, it + * only _evaluates_ it once, so it's still side-effect safe. + */ +#define snew(type) ((type *)snmalloc(1, sizeof(type))) +#define snewn(n, type) ((type *)snmalloc((n), sizeof(type))) +#define sresize(ptr, n, type) \ + ((type *)snrealloc(sizeof((type *)0 == (ptr)) ? (ptr) : (ptr), \ + (n), sizeof(type))) #endif