tal: check headers more carefully.

We sanity check tal headers by ensuring that the pointers are in the
bounds of things we've allocated.  But the first one we check is the
prop ptr, which may also be a literal: this is_literal() dereferences
the pointer, which means we usually crash here if it's not a tal
object.

Move that last, and we have far more success with our sanity checking.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

diff --git a/ccan/tal/tal.c b/ccan/tal/tal.c
index 350b34be9d902ee2ae531cdf04bbe531cc2c7943..8245aba95028d90a007eb0c4b6edf83284d9b984 100644 (file)
--- a/ccan/tal/tal.c
+++ b/ccan/tal/tal.c
@@ -154,11 +154,11 @@ static struct tal_hdr *to_tal_hdr(const void *ctx)
 
        t = (struct tal_hdr *)((char *)ctx - sizeof(struct tal_hdr));
        check_bounds(t);
 
        t = (struct tal_hdr *)((char *)ctx - sizeof(struct tal_hdr));
        check_bounds(t);

-       if (t->prop && !is_literal(t->prop))
-               check_bounds(t->prop);

        check_bounds(ignore_destroying_bit(t->parent_child));
        check_bounds(t->list.next);
        check_bounds(t->list.prev);
        check_bounds(ignore_destroying_bit(t->parent_child));
        check_bounds(t->list.next);
        check_bounds(t->list.prev);

+       if (t->prop && !is_literal(t->prop))
+               check_bounds(t->prop);

        return t;
 }
 
        return t;
 }