On Tuesday, 02 May 2006 at 15:08, Brendan Cully wrote:
> On Tuesday, 02 May 2006 at 20:43, Rocco Rutte wrote:
> > Hi,
> >
> > * Brendan Cully [06-05-02 13:25:30 -0700] wrote:
> >
> > >I never got the point of FREE vs safe_free - I don't see it as a bug
> > >to use safe_free, though it is an inconsistency.
> >
> > If I recall correctly, some years ago there was:
> >
> >   safe_free (void**);
> >   #define FREE(X) safe_free((void**)(X))
> >
> > just to avoid having to write all the casts manually.
> >
> > Now it's even more dangerous since safe_free() dereferences its
> > pointers without a big fat warning somewhere. In fact, before adding the
> > check_sec.sh checks I thought about just adding a note somewhere but
> > couldn't really find an accurate place for it...
>
> That's why I don't like the automatic cast - the compiler should get a
> chance to check whether the argument is a ** type. That may be why the
> current macro is
>   # define FREE(x) safe_free(x)
>
> But I don't think I understand why safe_free is
>   void safe_free (void *)
> instead of
>   void safe_free (void **)
>
> wouldn't this be the proper fix?

sorry, that was dumb. I thought for a moment that e.g. char** automatically
downcast to void** like char* does for void*. You're probably right, it
might be better to have check_sec look out for & in the argument to
safe_free or FREE.
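
The check suggested at the end of the message (look for `&` in the argument to safe_free or FREE), sketched as a shell function. This is an added example, not mutt's check_sec.sh and not part of the original message; the function names and the sample C lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not mutt's check_sec.sh). Heuristic: the first argument of
# safe_free()/FREE() should start with '&', because safe_free() takes a
# void * but dereferences it as a pointer to the pointer being freed.

# Print file:line:text for every call whose argument does not start with '&'.
find_unsafe_free() {
    # /dev/null forces grep to prefix the file name even for a single file.
    grep -nE '(^|[^A-Za-z0-9_])(safe_free|FREE)[[:space:]]*\([[:space:]]*[^&[:space:]]' \
        "$@" /dev/null |
    # Skip the macro definition and the prototype of safe_free itself.
    grep -vE '#[[:space:]]*define|void[[:space:]]+safe_free'
}

# Constructed sample input (hypothetical C source), written to the given path.
write_sample() {
    cat > "$1" <<'EOF'
# define FREE(x) safe_free(x)
void safe_free (void *);
void demo (char *buf, char **list)
{
  FREE (&buf);          /* ok: address of the pointer */
  safe_free (buf);      /* bug: the bytes of buf get treated as a pointer */
  FREE(list[0]);        /* bug: missing & */
  safe_free ( &list );  /* ok */
  my_safe_free (buf);   /* different function, ignored */
}
EOF
}

sample=$(mktemp) && write_sample "$sample"
find_unsafe_free "$sample"   # reports lines 6 and 7 of the sample
rm -f "$sample"
```

A call that passes a variable which is already a pointer-to-pointer (for example a `char **` parameter) is flagged as well, so hits from this heuristic need a manual look.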