On 09/06/2017 02:46 PM, up201407890@alunos.dcc.fc.up.pt wrote:
> What are your thoughts on adding a SAFE_FREE() macro to glibc:
>
> #define SAFE_FREE(x) do { if ((x) != 0x0) { free(x); (x) = (void *)0x1; } } while (0)
>
> After free(x), we set x to an address that will crash when dereferenced
> (use-after-free), and will also crash when it's an argument to free().
> Note that NULL isn't used, because free(NULL) does nothing, which might
> hide potential double-free bugs.
Maybe GCC should optionally do this for the actual call to free. There
is some debate to what extent pointer *values* remain valid after free.
Martin Sebor may have some thought on that.
In any case, some GCC assistance is needed so that
free (some_struct->ptr);
free (some_struct);
actually clobbers some_struct->ptr. I don't think we want to call out
to explicit_bzero here.
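An added example, not code from this thread or from glibc: the macro as quoted above, beside a variant that writes the poison value through a volatile lvalue so the store into `some_struct->ptr` survives even when `some_struct` is freed on the next line (the dead-store concern raised in the reply). The names `SAFE_FREE_VOLATILE`, `struct record` and the three demonstration functions are assumptions of this example.

```c
#include <stdlib.h>
#include <stdio.h>

/* Poison value from the proposed macro: not NULL, so a second free() of the
 * pointer is not silently ignored, and low enough to be unmapped, so a
 * dereference faults instead of reading freed memory. */
#define POISON_PTR ((void *)0x1)

/* The macro exactly as proposed in the quoted message. Note that x is
 * evaluated more than once, so the argument must be a plain lvalue. */
#define SAFE_FREE(x) do { if ((x) != 0x0) { free(x); (x) = POISON_PTR; } } while (0)

/* Added variant, not from the thread: the poison is written through a
 * volatile-qualified lvalue so the compiler cannot drop the store as dead
 * when the enclosing object is freed on the next line. GCC places all
 * pointer types in one alias set, so the cast is acceptable there. */
#define SAFE_FREE_VOLATILE(x) do { \
        if ((x) != 0x0) { free(x); *(void *volatile *)&(x) = POISON_PTR; } \
    } while (0)

struct record {           /* constructed sample type */
    char *payload;
    int id;
};

/* A freed local pointer should carry the poison value afterwards. */
int local_pointer_is_poisoned(void)
{
    char *buf = malloc(32);
    if (buf == NULL)
        return 0;
    SAFE_FREE(buf);
    return buf == POISON_PTR;
}

/* The two-step free from the reply: the member must be clobbered while the
 * struct is still live, then the struct pointer itself is poisoned. The
 * member is read back before the struct goes away, so no freed memory is
 * touched. */
int member_then_struct_is_poisoned(void)
{
    struct record *r = malloc(sizeof *r);
    if (r == NULL)
        return 0;
    r->payload = malloc(16);
    if (r->payload == NULL) {
        free(r);
        return 0;
    }
    r->id = 7;
    SAFE_FREE_VOLATILE(r->payload);
    int member_clobbered = (r->payload == POISON_PTR);
    SAFE_FREE_VOLATILE(r);
    return member_clobbered && r == POISON_PTR;
}

/* Guard a caller can place in front of free() to report a poisoned pointer
 * instead of handing it to the allocator; returns 1 when the pointer was
 * already released through one of the macros above. */
int would_double_free(const void *p)
{
    return p == POISON_PTR;
}

int main(void)
{
    printf("local poisoned: %d\n", local_pointer_is_poisoned());
    printf("member+struct poisoned: %d\n", member_then_struct_is_poisoned());
    char *once = malloc(8);
    SAFE_FREE(once);
    printf("second free would crash: %d\n", would_double_free(once));
    return 0;
}
```

The plain `SAFE_FREE` is enough for a local pointer. For the member-then-struct pattern, whether the first store is kept depends on the optimizer, which is why the reply asks for compiler support; the volatile write is one way to force it without a call to explicit_bzero.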