You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
OQS_MEM_insecure_free(&my_cool_ptr);
... some operations later ...
// This line will segfault instead of double freeing, making the actual bug easier to find.
OQS_MEM_INSECURE_free(&my_cool_ptr);
Conditional freeing
OQS_MEM_insecure_free(&my_cool_ptr);
... some operations later ...
if (my_cool_ptr != NULL) {
OQS_MEM_insecure_free(&my_cool_ptr);
}
By taking a double pointer we make it harder for users of OQS_MEM_* to do something incorrectly.
Add OQS_MEM wrapper for malloc
Currently, as silly as it seems, ISC_MEM_*_freeing a chunk of memory allocated by malloc feels wrong. In other c projects I work in memory that is freed by their provided free functions must have come from their own malloc/alloc functions. This is because they may be providing a custom allocator under the hood. Although OQS doesn't do anything like this, I think that adding a malloc wrapper under the OQS name space would be beneficial for two reasons:
It makes it obvious that a chunk of memory can be freed with our OQS_MEM_*_free functions
It gives us the flexibility in the future to add custom memory management should we decide this is needed
For now, the macros below would work, but in the future we could define an actual function that checks for null etc.
#define OQS_MEM_malloc(ptr, sz) ptr = malloc(sz)
What do you think?
The text was updated successfully, but these errors were encountered:
As part of the sig-stateful review I had a few thoughts on how we handle our
OQS_MEM
functions.Update OQS_MEM_*_free functions to take double pointers
Firstly, our
OQS_MEM_*_free
set of functions currently takes a single pointer:This follows the c standard library's convention which is nice! However, this makes double frees possible and hard to identify.
If we update the
free
functions to use a double pointer, then we can set the pointer to point toNULL
before the function exists.There are two scenarios this helps:
Debugging
Conditional freeing
By taking a double pointer we make it harder for users of
OQS_MEM_*
to do something incorrectly.Add OQS_MEM wrapper for malloc
Currently, as silly as it seems,
ISC_MEM_*_free
ing a chunk of memory allocated bymalloc
feels wrong. In other c projects I work in memory that is freed by their providedfree
functions must have come from their ownmalloc/alloc
functions. This is because they may be providing a custom allocator under the hood. Although OQS doesn't do anything like this, I think that adding amalloc
wrapper under the OQS name space would be beneficial for two reasons:For now, the macros below would work, but in the future we could define an actual function that checks for null etc.
What do you think?
The text was updated successfully, but these errors were encountered: