!something is always >=0. We meant to check that the free_interim
does not free more than was allocated.
Also do the assertion before the manipulation. That reduces the
probability that a compiler will "prove" that the assertion is not
needed, or that it will fire too late.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
if (!an) return;
assert(!qu->final_allocspace);
+ qu->interim_allocd -= sz;
+ assert(qu->interim_allocd >= 0);
LIST_UNLINK(qu->allocations, an);
free(an);
- qu->interim_allocd -= sz;
- assert(!qu->interim_allocd >= 0);
}
void *adns__alloc_mine(adns_query qu, size_t sz) {
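Review bot: the relocated `assert(qu->interim_allocd >= 0);` runs after `qu->interim_allocd -= sz;`, so it only catches over-freeing if `interim_allocd` is a signed type, and its declaration is not visible in this hunk. If the counter is unsigned, the subtraction wraps and the comparison is always true, which leaves the check as vacuous as the `!qu->interim_allocd >= 0` line being removed. Consider stating the invariant before the subtraction, for example `assert(sz <= qu->interim_allocd);` (with a cast if the types differ in signedness), so the check does not depend on the counter going negative and cannot be observed only after the state has already been modified. A short comment on the assertion saying that it guards against freeing more interim space than was allocated would also help, since the previous form survived unnoticed precisely because its intent was not obvious.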