summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDave Barach <dave@barachs.net>2018-08-06 08:43:47 -0400
committerDave Barach <dave@barachs.net>2018-08-06 11:28:38 -0400
commitab955b1b44f3d606cef51a9471a6562a7135ab3e (patch)
tree8b14570f9c508304a1183bca161e9185db8f2f58
parent374819dd5873aee53e447ac3a761df036abd9f0a (diff)
fix dangling reference in foreach_key_value_pair
When the user deletes the last entry in a bihash bucket, the bihash infra frees the bucket's backing storage. If this happens under clib_bihash_foreach_key_value_pair - and the freed bucket happens to be the bucket being traversed - the resulting dangling reference can easily make the wheels fall off. Simple fix: if (bucket-is-now-empty) double-break. Change-Id: Idc44247a82ed5d0ba548507b4a53d4c8503ba8bb Signed-off-by: Dave Barach <dave@barachs.net> (cherry picked from commit ca45ee73d7c49c7f659c5cd690d3403d440e50f9)
-rw-r--r--src/vppinfra/bihash_template.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/vppinfra/bihash_template.c b/src/vppinfra/bihash_template.c
index 89ae847c036..6b9e67157af 100644
--- a/src/vppinfra/bihash_template.c
+++ b/src/vppinfra/bihash_template.c
@@ -677,9 +677,16 @@ void BV (clib_bihash_foreach_key_value_pair)
continue;
(*fp) (&v->kvp[k], arg);
+ /*
+ * In case the callback deletes the last entry in the bucket...
+ */
+ if (b->offset == 0)
+ goto doublebreak;
}
v++;
}
+ doublebreak:
+ ;
}
}