
On Sun, Aug 30, 2015 at 8:13 PM, Michael McConville <mmcconv1@sccs.swarthmore.edu> wrote:
> free() is specified to be NULL-safe, and I don't know of any implementations that violate this.

I think those NULL checks are meant to avoid double-free bugs. If you assign NULL to a pointer after you free it and check all pointers before free, you avoid trying to free it again. Like there:
error: - if (x509) { - X509_free(x509); - x509 = NULL; - }
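Review bot: in the block removed after the `error:` label, the `x509 = NULL;` reset is deleted together with the `if (x509)` guard. Only the guard becomes redundant when the free routine accepts NULL; the reset is what stops a second pass through this cleanup from freeing the same pointer again. The replacement lines are not shown here, so check that they keep `x509 = NULL;` after the unconditional `X509_free(x509);` unless `x509` is never touched again past this label.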
But you did find some places they forgot to assign NULL after free. Here's a fun exercise: use Coccinelle to find and patch those.

http://coccinelle.lip6.fr/

A semantic patch might look like this:

@@
identifier f =~ "free";
expression x;
@@

  f(x);
+ x = NULL;

Happy hacking!
Mansour
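Added example, not part of the original message or of the patch under discussion: a C sketch that combines both points from the thread, calling free() without a NULL guard and clearing the pointer afterwards so that a cleanup path reached twice does not free twice. The `session` struct, all function names and the `live_frees` counter are hypothetical, and the input strings are constructed.

```c
#include <stdlib.h>
#include <string.h>

struct session { char *cert, *key; };   /* hypothetical owner of two heap buffers */
static int live_frees;                  /* demo bookkeeping: frees of non-NULL pointers */

/* No NULL guard: free(NULL) is a no-op. Clearing makes a second pass harmless. */
static void free_and_clear(char **pp)
{
    if (*pp != NULL)
        live_frees++;
    free(*pp);
    *pp = NULL;
}

/* Safe to reach more than once, e.g. from an error label and from the caller. */
static void session_reset(struct session *s)
{
    free_and_clear(&s->cert);
    free_and_clear(&s->key);
}

static char *dup_str(const char *src)
{
    char *p = src ? malloc(strlen(src) + 1) : NULL;
    if (p != NULL)
        strcpy(p, src);
    return p;
}

/* Returns 0 on success, -1 on failure with nothing left allocated. */
static int session_load(struct session *s, const char *cert, const char *key)
{
    s->cert = s->key = NULL;
    if ((s->cert = dup_str(cert)) == NULL || (s->key = dup_str(key)) == NULL)
        goto error;
    return 0;
error:
    session_reset(s);
    return -1;
}

int main(void)
{
    struct session s;
    int rc = session_load(&s, "constructed-cert", NULL); /* fails after cert is allocated */
    session_reset(&s);                                   /* second cleanup: pointers are NULL */
    return (rc == -1 && live_frees == 1) ? 0 : 1;
}
```

Without the `*pp = NULL;` line, the caller's second `session_reset()` would pass the already-freed `cert` pointer to free() again.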