X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=puttymem.h;h=941aded3f32eb851a2bc60f0ba7b925bb11c2ebc;hb=f864265e393f4279045ca59d7eb9b03352766cde;hp=06c294d91682df8436b94cc017f074323883d561;hpb=eec73ea3b6b68dd4e6467e9f24cb61341eef5802;p=PuTTY.git

diff --git a/puttymem.h b/puttymem.h
index 06c294d9..941aded3 100644
--- a/puttymem.h
+++ b/puttymem.h
@@ -34,9 +34,19 @@ void safefree(void *);
  * possible, in favour of these type-casting macros which ensure
  * you don't mistakenly allocate enough space for one sort of
  * structure and assign it to a different sort of pointer.
+ *
+ * The nasty trick in sresize with sizeof arranges for the compiler,
+ * in passing, to type-check the expression ((type *)0 == (ptr)), i.e.
+ * to type-check that the input pointer is a pointer to the correct
+ * type. The construction sizeof(stuff) ? (b) : (b) looks like a
+ * violation of the first principle of safe macros, but in fact it's
+ * OK - although it _expands_ the macro parameter more than once, it
+ * only _evaluates_ it once, so it's still side-effect safe.
  */
 #define snew(type) ((type *)snmalloc(1, sizeof(type)))
 #define snewn(n, type) ((type *)snmalloc((n), sizeof(type)))
-#define sresize(ptr, n, type) ((type *)snrealloc((ptr), (n), sizeof(type)))
+#define sresize(ptr, n, type)                                           \
+    ((type *)snrealloc(sizeof((type *)0 == (ptr)) ? (ptr) : (ptr),      \
+                       (n), sizeof(type)))
 
 #endif