From: Eric Blake <eblake@redhat.com>
Date: Sat, 23 Apr 2011 02:15:50 +0000 (-0600)
Subject: build: make VIR_FREE do some type checking
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=90d761eeb26c9619571b68a8863b8425a33555d6;p=libvirt.git

build: make VIR_FREE do some type checking

We can exploit the fact that gcc warns about int-to-pointer conversion
in ternary cond?(void*):(int) in order to prevent future mistakes of
calling VIR_FREE on a scalar lvalue.  For example, between commits
158ba873 and 802e2df, we would have had this warning:

cc1: warnings being treated as errors
remote.c: In function 'remoteDispatchListNetworks':
remote.c:3684:70: error: pointer/integer type mismatch in conditional expression

There are still a number of places that malloc into a const char*;
while it would probably be worth scrubbing them to use char*
instead, that is a separate patch, so we have to cast away const
in VIR_FREE for now.

* src/util/memory.h (VIR_FREE): Make gcc warn about integers.
Iteratively developed from a patch by Christophe Fergeau.
---

diff --git a/src/util/memory.h b/src/util/memory.h
index 66b4c420fa..d77a295389 100644
--- a/src/util/memory.h
+++ b/src/util/memory.h
@@ -1,7 +1,7 @@
 /*
  * memory.c: safer memory allocation
  *
- * Copyright (C) 2010 Red Hat, Inc.
+ * Copyright (C) 2010-2011 Red Hat, Inc.
  * Copyright (C) 2008 Daniel P. Berrange
  *
  * This library is free software; you can redistribute it and/or
@@ -197,7 +197,11 @@ void virFree(void *ptrptr) ATTRIBUTE_NONNULL(1);
  * Free the memory stored in 'ptr' and update to point
  * to NULL.
  */
-# define VIR_FREE(ptr) virFree(&(ptr))
+/* The ternary ensures that ptr is a pointer and not an integer type,
+ * while evaluating ptr only once.  For now, we intentionally cast
+ * away const, since a number of callers safely pass const char *.
+ */
+# define VIR_FREE(ptr) virFree((void *) (1 ? (const void *) &(ptr) : (ptr)))
 
 
 # if TEST_OOM