From 4c9202d9f4b6ffc03b406760928f2842ced3f61e Mon Sep 17 00:00:00 2001
From: Consolatis <35009135+Consolatis@users.noreply.github.com>
Date: Fri, 22 Mar 2024 04:48:44 +0100
Subject: [PATCH] [fixup] try to ensure buf_replace_by gets used correctly

---
 src/common/buf.c | 35 +++++++++++++++++++++++++++++++----
 1 file changed, 31 insertions(+), 4 deletions(-)

diff --git a/src/common/buf.c b/src/common/buf.c
index 8342b689..1b73535d 100644
--- a/src/common/buf.c
+++ b/src/common/buf.c
@@ -5,13 +5,40 @@
 #include "common/buf.h"
 #include "common/mem.h"
 
+#define BUF_INITIAL_SIZE 256
+
+#define BUF_CLEARED(s) ((s) && !(s)->buf && !(s)->alloc && !(s)->len)
+#define BUF_INITIALIZED(s) ((s) && (s)->buf && (s)->alloc >= BUF_INITIAL_SIZE)
+
+/*
+ * Replace dst by src, src is invalid after this call
+ * but it may be reused when calling buf_init(src).
+ *
+ * dst must either have been initialized with buf_init()
+ * or cleared out (e.g. created by znew() or on the stack
+ * like struct buf foo = {0}).
+ */
 static void
 buf_replace_by(struct buf *dst, struct buf *src)
 {
+	assert(dst);
+	assert(BUF_INITIALIZED(src));
+
+	/*
+	 * Tries to ensure that we don't accidentally try
+	 * to free a random uninitialized dst->buf pointer
+	 */
+	assert(BUF_CLEARED(dst) || BUF_INITIALIZED(dst));
+
 	free(dst->buf);
-	dst->buf = src->buf;
-	dst->len = src->len;
-	dst->alloc = src->alloc;
+	*dst = *src;
+
+	/*
+	 * Reset src so we don't accidentally end up
+	 * reusing it with a shared internal ->buf ptr
+	 * and invalid ->len and ->alloc states.
+	 */
+	*src = (struct buf){0};
 }
 
 void
@@ -87,7 +114,7 @@ buf_init(struct buf *s)
 	 * the supplied struct may be uninitialized.
 	 */
 
-	s->alloc = 256;
+	s->alloc = BUF_INITIAL_SIZE;
 	s->buf = xmalloc(s->alloc);
 	s->buf[0] = '\0';
 	s->len = 0;