From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Fri, 5 Jul 2019 08:37:53 +0000 (+0200)
Subject: test: add _cleanup_(erase_and_freep)
X-Git-Tag: v243-rc1~165^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=44c786f04ad40d89b0a0cf4c31612b0b2a4f3765;p=thirdparty%2Fsystemd.git

test: add _cleanup_(erase_and_freep)

Based on the macro and test case by Lennart Poettering and
Topi Miettinen suggestion.
---

diff --git a/src/basic/memory-util.h b/src/basic/memory-util.h
index 0e8957b7838..9cb8ac3c10f 100644
--- a/src/basic/memory-util.h
+++ b/src/basic/memory-util.h
@@ -2,6 +2,7 @@
 #pragma once
 
 #include <inttypes.h>
+#include <malloc.h>
 #include <stdbool.h>
 #include <string.h>
 #include <sys/types.h>
@@ -78,6 +79,16 @@ static inline void* explicit_bzero_safe(void *p, size_t l) {
 void *explicit_bzero_safe(void *p, size_t l);
 #endif
 
+static inline void erase_and_freep(void *p) {
+        void *ptr = *(void**) p;
+
+        if (ptr) {
+                size_t l = malloc_usable_size(ptr);
+                explicit_bzero_safe(ptr, l);
+                free(ptr);
+        }
+}
+
 /* Use with _cleanup_ to erase a single 'char' when leaving scope */
 static inline void erase_char(char *p) {
         explicit_bzero_safe(p, sizeof(char));
diff --git a/src/test/test-alloc-util.c b/src/test/test-alloc-util.c
index e6b6d96d5a9..cf69436d262 100644
--- a/src/test/test-alloc-util.c
+++ b/src/test/test-alloc-util.c
@@ -6,6 +6,7 @@
 #include "alloc-util.h"
 #include "macro.h"
 #include "memory-util.h"
+#include "random-util.h"
 #include "tests.h"
 
 static void test_alloca(void) {
@@ -132,6 +133,20 @@ static void test_cleanup_order(void) {
         log_debug("z: %p", &z);
 }
 
+static void test_auto_erase_memory(void) {
+        _cleanup_(erase_and_freep) uint8_t *p1, *p2;
+
+        assert_se(p1 = new(uint8_t, 1024));
+        assert_se(p2 = new(uint8_t, 1024));
+
+        genuine_random_bytes(p1, 1024, RANDOM_BLOCK);
+
+        /* before we exit the scope, do something with this data, so that the compiler won't optimize this away */
+        memcpy(p2, p1, 1024);
+        for (size_t i = 0; i < 1024; i++)
+                assert_se(p1[i] == p2[i]);
+}
+
 int main(int argc, char *argv[]) {
         test_setup_logging(LOG_DEBUG);
 
@@ -140,6 +155,7 @@ int main(int argc, char *argv[]) {
         test_memdup_multiply_and_greedy_realloc();
         test_bool_assign();
         test_cleanup_order();
+        test_auto_erase_memory();
 
         return 0;
 }