From ddcd197113b805410ea273e7e36ab73fe7b13c2c Mon Sep 17 00:00:00 2001
From: Justus Winter <justus@sequoia-pgp.org>
Date: Tue, 12 Feb 2019 16:51:44 +0100
Subject: ffi-macros: Fix freeing wrappers with references.

  - We cannot use move_from_raw() here, because there may be no object
    to move from raw.
---
 ffi-macros/src/lib.rs | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/ffi-macros/src/lib.rs b/ffi-macros/src/lib.rs
index a71562c1..6f1ce312 100644
--- a/ffi-macros/src/lib.rs
+++ b/ffi-macros/src/lib.rs
@@ -604,11 +604,24 @@ fn derive_free(span: proc_macro2::Span, prefix: &str, name: &str,
     quote! {
         /// Frees this object.
         #[::sequoia_ffi_macros::extern_fn] #[no_mangle]
-        pub extern "system" fn #ident (this: Option<&mut #wrapper>) {
-            use ::MoveFromRaw;
-            if let Some(ref_) = this {
-                drop((ref_ as *mut #wrapper).move_from_raw())
+        pub extern "system" fn #ident (this: *mut #wrapper) {
+            if this.is_null() {
+                return;
             }
+
+            let mut wrapper = unsafe {
+                Box::from_raw(this)
+            };
+            wrapper.assert_tag();
+            let _o = wrapper.0;
+
+            // Poison the wrapper.
+            unsafe {
+                // Overwrite with P.
+                memsec::memset(this as *mut u8,
+                               0x50,
+                               ::std::mem::size_of::<#wrapper>())
+            };
         }
     }
 }
-- 
cgit v1.2.3