diff options
author | Dave Barach <dave@barachs.net> | 2018-08-06 08:43:47 -0400 |
---|---|---|
committer | Dave Barach <dave@barachs.net> | 2018-08-06 11:28:38 -0400 |
commit | ab955b1b44f3d606cef51a9471a6562a7135ab3e (patch) | |
tree | 8b14570f9c508304a1183bca161e9185db8f2f58 | |
parent | 374819dd5873aee53e447ac3a761df036abd9f0a (diff) |
fix dangling reference in foreach_key_value_pair
When the user deletes the last entry in a bihash bucket, the bihash
infra frees the bucket's backing storage. If this happens under
clib_bihash_foreach_key_value_pair - and the freed bucket happens to
be the bucket being traversed - the resulting dangling reference can
easily make the wheels fall off.
Simple fix: if (bucket-is-now-empty) double-break.
Change-Id: Idc44247a82ed5d0ba548507b4a53d4c8503ba8bb
Signed-off-by: Dave Barach <dave@barachs.net>
(cherry picked from commit ca45ee73d7c49c7f659c5cd690d3403d440e50f9)
-rw-r--r-- | src/vppinfra/bihash_template.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/vppinfra/bihash_template.c b/src/vppinfra/bihash_template.c index 89ae847c036..6b9e67157af 100644 --- a/src/vppinfra/bihash_template.c +++ b/src/vppinfra/bihash_template.c @@ -677,9 +677,16 @@ void BV (clib_bihash_foreach_key_value_pair) continue; (*fp) (&v->kvp[k], arg); + /* + * In case the callback deletes the last entry in the bucket... + */ + if (b->offset == 0) + goto doublebreak; } v++; } + doublebreak: + ; } } |