From f2174536a8a48524a334ab6d760d57afdf751aea Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Thu, 3 Jan 2019 10:51:52 +0000 Subject: [PATCH] Switch sresize to using TYPECHECK. Now that that facility is centralised in defs.h, there's no reason to have a special ad-hoc version in sresize and separately comment it. --- puttymem.h | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/puttymem.h b/puttymem.h index a8c2ebe4..8fdb8557 100644 --- a/puttymem.h +++ b/puttymem.h @@ -22,23 +22,16 @@ void safefree(void *); /* * Direct use of smalloc within the code should be avoided where - * possible, in favour of these type-casting macros which ensure - * you don't mistakenly allocate enough space for one sort of - * structure and assign it to a different sort of pointer. - * - * The nasty trick in sresize with sizeof arranges for the compiler, - * in passing, to type-check the expression ((type *)0 == (ptr)), i.e. - * to type-check that the input pointer is a pointer to the correct - * type. The construction sizeof(stuff) ? (b) : (b) looks like a - * violation of the first principle of safe macros, but in fact it's - * OK - although it _expands_ the macro parameter more than once, it - * only _evaluates_ it once, so it's still side-effect safe. + * possible, in favour of these type-casting macros which ensure you + * don't mistakenly allocate enough space for one sort of structure + * and assign it to a different sort of pointer. sresize also uses + * TYPECHECK to verify that the _input_ pointer is a pointer to the + * correct type. */ #define snew(type) ((type *)snmalloc(1, sizeof(type))) #define snewn(n, type) ((type *)snmalloc((n), sizeof(type))) -#define sresize(ptr, n, type) \ - ((type *)snrealloc(sizeof((type *)0 == (ptr)) ? (ptr) : (ptr), \ - (n), sizeof(type))) +#define sresize(ptr, n, type) TYPECHECK((type *)0 == (ptr), \ + ((type *)snrealloc((ptr), (n), sizeof(type)))) /* * For cases where you want to allocate a struct plus a subsidiary