fix potential double free

double free could occur if patch allocated the dst_data, then an
error occured later on, causing the jump to fail, which frees the dst_data.
however because dst_data is a **, then the user will have a non-null pointer
so they may assume it should be freed.

patch will always free and NULL the dst_data (if allocated) on error.
only on success will dst_data remain allocated.

Author: ITotalJustice

patch.c

@@ -5,10 +5,10 @@
 
 
 enum PatchError patch(
-    enum PatchType type,
+    const enum PatchType type,
     uint8_t** dst_data, size_t* dst_size,
-    const uint8_t* src_data, size_t src_size,
-    const uint8_t* patch_data, size_t patch_size
+    const uint8_t* src_data, const size_t src_size,
+    const uint8_t* patch_data, const size_t patch_size
 ) {
     if (!dst_data || !dst_size || !src_data || !src_size || !patch_data || !patch_size)
     {
@@ -76,6 +76,7 @@ enum PatchError patch(
     if (*dst_data)
     {
         free(*dst_data);
+        *dst_data = NULL;
     }
 
     return error;

patch.h

@@ -25,6 +25,8 @@ enum PatchError
     PatchError_PATCH,
 };
 
+// dst_data will be allocated by this function using malloc.
+// dst_data will not be allocated if patch returns an error.
 enum PatchError patch(
     enum PatchType type,
     uint8_t** dst_data, size_t* dst_size,