From db024adc90069ce9961f3993aba1b7372f09d77a Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Mon, 4 Dec 2017 15:09:18 -0500
Subject: Switch to a safer FREE_AND_NULL implementation

This one only evaluates the input once, so it cannot mess up even if
there are side effects.
---
 src/common/util.h | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

(limited to 'src/common/util.h')

diff --git a/src/common/util.h b/src/common/util.h
index c5bd3f0bda..9ed11260dc 100644
--- a/src/common/util.h
+++ b/src/common/util.h
@@ -109,13 +109,24 @@ extern int dmalloc_free(const char *file, const int line, void *pnt,
 
 void tor_log_mallinfo(int severity);
 
+/* Helper macro: free a variable of type 'typename' using freefn, and
+ * set the variable to NULL.
+ *
+ * We use this for legacy cases when freefn and typename don't line up
+ * perfectly.
+ */
+#define FREE_AND_NULL_UNMATCHED(typename, freefn, var)                  \
+  do {                                                                  \
+    /* only evaluate (var) once. */                                     \
+    typename **tmp__free__ptr ## freefn = &(var);                       \
+    freefn(*tmp__free__ptr ## freefn);                                  \
+    (*tmp__free__ptr ## freefn) = NULL;                                 \
+  } while (0)
+
 /* Helper macro: free a variable of type 'type' using type_free_, and
  * set the variable to NULL. */
-#define FREE_AND_NULL(type, var)                                \
-  do {                                                          \
-      type ## _free_(var);                                      \
-      (var) = NULL;                                             \
-  } while (0)
+#define FREE_AND_NULL(type, var)                                        \
+  FREE_AND_NULL_UNMATCHED(type ## _t, type ## _free_, (var))
 
 /** Macro: yield a pointer to the field at position <b>off</b> within the
  * structure <b>st</b>.  Example:
-- 
cgit v1.2.3-54-g00ecf