<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 28 November 2016 at 14:31, Antony Antony <span dir="ltr"><<a href="mailto:antony@phenome.org" target="_blank">antony@phenome.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">isn't pfree smarter? linked with efence and leak-detective enabled.<br>
Which would be nice in test runs!<br>
</blockquote></div><div class="gmail_quote"> <br>I'm more concerned with what we ship. I'd like it to fail faster.<br><br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
/* stomp on memory! Is another byte value better? */<br>
memset(p, 0xEF, sizeof(union mhdr) + p->i.size);<br>
<br></blockquote><div><br></div><div>Unfortunately that doesn't help with libraries like NSS where we have no control over memory allocation (which is why the crypto code obsessively tries to kill NSS related pointers).<br><br></div><div>I'm also skeptical that 0xFE is a good value. There's no real guarantee that the address is invalid, and the result looks more like a random memory smash (and not use after free). On the other hand debugging an NPE is obvious and straight forward, and we know 0==NULL (see earlier thread), that embedded compilers can add NULL checks.<br><br> <br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
There was another reason someone, I think Hugh, bring up.<br>
something like - libreswan code deal with pointers to pointers so assigning<br>
NULL is not useful.<br>
<br></blockquote><div> </div>Not useful or harmless? For instance:<br></div><div class="gmail_quote"><div><br>{<br></div><div> u_int8_t *bytes = alloc_things(u_int8_t, 10, "bytes");<br></div><div> ...<br></div><div> pfree(bytes); bytes = NULL;<br>}<br></div><div><br></div><div>will get tossed by the compiler.<br><br></div><div> <br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
may be there is a better reason to assign NULL now!<br>
<div><div class="h5"><br>
<br>
On Mon, Nov 28, 2016 at 12:07:05PM -0500, Andrew Cagney wrote:<br>
> I'd like the change:<br>
> pfree(P)<br>
> pfreeany(P)<br>
> so that "P" is set to NULL after the free.<br>
><br>
> While a tacky hack, it might help flush out some reference after<br>
> free's I suspect we've got lurking.<br>
><br>
> Andrew<br>
</div></div>> ______________________________<wbr>_________________<br>
> Swan-dev mailing list<br>
> <a href="mailto:Swan-dev@lists.libreswan.org">Swan-dev@lists.libreswan.org</a><br>
> <a href="https://lists.libreswan.org/mailman/listinfo/swan-dev" rel="noreferrer" target="_blank">https://lists.libreswan.org/<wbr>mailman/listinfo/swan-dev</a><br>
</blockquote></div><br></div></div>