X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/db9c0f865c8540d2a158aa99e6010150f89bef26..HEAD:/puttymem.h diff --git a/puttymem.h b/puttymem.h index 4396592f..941aded3 100644 --- a/puttymem.h +++ b/puttymem.h @@ -5,33 +5,48 @@ #ifndef PUTTY_PUTTYMEM_H #define PUTTY_PUTTYMEM_H -#include /* for size_t */ -#include /* for memcpy() */ +#include /* for size_t */ +#include /* for memcpy() */ /* #define MALLOC_LOG do this if you suspect putty of leaking memory */ #ifdef MALLOC_LOG -#define smalloc(z) (mlog(__FILE__,__LINE__), safemalloc(z)) -#define srealloc(y,z) (mlog(__FILE__,__LINE__), saferealloc(y,z)) +#define smalloc(z) (mlog(__FILE__,__LINE__), safemalloc(z,1)) +#define snmalloc(z,s) (mlog(__FILE__,__LINE__), safemalloc(z,s)) +#define srealloc(y,z) (mlog(__FILE__,__LINE__), saferealloc(y,z,1)) +#define snrealloc(y,z,s) (mlog(__FILE__,__LINE__), saferealloc(y,z,s)) #define sfree(z) (mlog(__FILE__,__LINE__), safefree(z)) void mlog(char *, int); #else -#define smalloc safemalloc -#define srealloc saferealloc +#define smalloc(z) safemalloc(z,1) +#define snmalloc safemalloc +#define srealloc(y,z) saferealloc(y,z,1) +#define snrealloc saferealloc #define sfree safefree #endif -void *safemalloc(size_t); -void *saferealloc(void *, size_t); +void *safemalloc(size_t, size_t); +void *saferealloc(void *, size_t, size_t); void safefree(void *); - -/* smalloc a thing */ -#define smalloca(type) ((type *) smalloc (sizeof (type))) -/* smalloc a copy of a thing */ -#define smallocc(ptr) memcpy (smalloc (sizeof (*ptr)), ptr, sizeof (*ptr)) -/* smalloc n things */ -#define smallocn(n,type) ((type *) smalloc ((n) * sizeof (type))) - +/* + * Direct use of smalloc within the code should be avoided where + * possible, in favour of these type-casting macros which ensure + * you don't mistakenly allocate enough space for one sort of + * structure and assign it to a different sort of pointer. + * + * The nasty trick in sresize with sizeof arranges for the compiler, + * in passing, to type-check the expression ((type *)0 == (ptr)), i.e. + * to type-check that the input pointer is a pointer to the correct + * type. The construction sizeof(stuff) ? (b) : (b) looks like a + * violation of the first principle of safe macros, but in fact it's + * OK - although it _expands_ the macro parameter more than once, it + * only _evaluates_ it once, so it's still side-effect safe. + */ +#define snew(type) ((type *)snmalloc(1, sizeof(type))) +#define snewn(n, type) ((type *)snmalloc((n), sizeof(type))) +#define sresize(ptr, n, type) \ + ((type *)snrealloc(sizeof((type *)0 == (ptr)) ? (ptr) : (ptr), \ + (n), sizeof(type))) #endif