From cc2410e3497f4d3a671801f238722a0f99407a64 Mon Sep 17 00:00:00 2001
From: PatR <rankin@nethack.org>
Date: Wed, 29 Mar 2023 15:18:25 -0700
Subject: [PATCH] freeing objects and monsters

Making the zeroing out of memory used by an object that is about to
be freed unconditional, and do the same for monsters.  Should never
matter aside from an undetectable amount of extra overhead.
---
 src/mkobj.c | 17 +++++++++--------
 src/mon.c   | 17 ++++++++++-------
 2 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/src/mkobj.c b/src/mkobj.c
index 3bcdb26b9..2d3826331 100644
--- a/src/mkobj.c
+++ b/src/mkobj.c
@@ -97,11 +97,11 @@ dealloc_oextra(struct obj *o)
 
     if (x) {
         if (x->oname)
-            free((genericptr_t) x->oname);
+            free((genericptr_t) x->oname), x->oname = 0;
         if (x->omonst)
-            free_omonst(o);     /* 'o' rather than 'x' */
+            free_omonst(o); /* note: pass 'o' rather than 'x' */
         if (x->omailcmd)
-            free((genericptr_t) x->omailcmd);
+            free((genericptr_t) x->omailcmd), x->omailcmd = 0;
 
         free((genericptr_t) x);
         o->oextra = (struct oextra *) 0;
@@ -2635,12 +2635,13 @@ dealloc_obj(struct obj *obj)
         obj->where = OBJ_LUAFREE;
         return;
     }
-#ifdef DEBUG
-    /* clobber out of date information contained in the about-to-become
-       stale memory; do this before 'free()' in case a debugging malloc
-       implementation overwrites the memory with something else */
+
+    /* clear out of date information contained in the about-to-become
+       stale memory so that potential used-after-freed bugs (should never
+       happen) might trigger an object lost panic instead of continuing;
+       linking with a debugging malloc library is likely to do something
+       similar so this is mainly useful for ordinary malloc/free */
     *obj = cg.zeroobj;
-#endif
     free((genericptr_t) obj);
 }
 
diff --git a/src/mon.c b/src/mon.c
index 89ae78b82..3cb60b975 100644
--- a/src/mon.c
+++ b/src/mon.c
@@ -2364,18 +2364,18 @@ dealloc_mextra(struct monst* m)
 
     if (x) {
         if (x->mgivenname)
-            free((genericptr_t) x->mgivenname);
+            free((genericptr_t) x->mgivenname), x->mgivenname = 0;
         if (x->egd)
-            free((genericptr_t) x->egd);
+            free((genericptr_t) x->egd), x->egd = 0;
         if (x->epri)
-            free((genericptr_t) x->epri);
+            free((genericptr_t) x->epri), x->epri = 0;
         if (x->eshk)
-            free((genericptr_t) x->eshk);
+            free((genericptr_t) x->eshk), x->eshk = 0;
         if (x->emin)
-            free((genericptr_t) x->emin);
+            free((genericptr_t) x->emin), x->emin = 0;
         if (x->edog)
-            free((genericptr_t) x->edog);
-        /* [no action needed for x->mcorpsenm] */
+            free((genericptr_t) x->edog), x->edog = 0;
+        x->mcorpsenm = NON_PM; /* no allocation to release */
 
         free((genericptr_t) x);
         m->mextra = (struct mextra *) 0;
@@ -2394,6 +2394,9 @@ dealloc_monst(struct monst *mon)
     }
     if (mon->mextra)
         dealloc_mextra(mon);
+    /* clear out of date information contained in the about-to-become
+       stale memory; see dealloc_obj() */
+    *mon = cg.zeromonst;
     free((genericptr_t) mon);
 }