summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSteven Luong <sluong@cisco.com>2020-05-08 04:50:05 -0700
committerAndrew Yourtchenko <ayourtch@gmail.com>2020-08-18 09:54:56 +0000
commit704a2c452eeba652221a20e094606a74a0ff4f2b (patch)
tree389d645a739211442f12410c521e49de6666513b
parent4cdca2fc20f2da23ece3b3ae711bcb53ef767799 (diff)
vppinfra: set explicit found in search_free_list loop
While https://gerrit.fd.io/r/c/vpp/+/26948 fixed avoid using -1 to index into h->free_lists[b][l] by changing the loop counter, the check for the value of the loop counter (l < 0) cannot be trusted to decide whether we've found a large enough object within the bin or not. When the loop is terminated, the value of the variable l could be ambiguous if it equals to 0 and it is never less than 0, ie, when we bail out of the loop, we don't know if it was due to the breaking out of the condition in if ((s = f_size - size) >= 0) break; or while (l > 0); The fix is to explicitly set a variable when we have found a large enough object inside the loop to be used to test whether the loop was prematurely terminated (found == 1) or the loop just ran exhausted (found == 0) Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I0161813fbd44dcba8982a767eac2e0930e9d77e3 (cherry picked from commit a5436ae2516edc955f26c6aa4103f5946ee8653c)
-rw-r--r--src/vppinfra/heap.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/vppinfra/heap.c b/src/vppinfra/heap.c
index d48136c4c94..e91dc64f568 100644
--- a/src/vppinfra/heap.c
+++ b/src/vppinfra/heap.c
@@ -297,6 +297,7 @@ search_free_list (void *v, uword size)
/* Find an object that is large enough.
Search list in reverse so that more recently freed objects will be
allocated again sooner. */
+ u8 found = 0;
do
{
l--;
@@ -304,12 +305,15 @@ search_free_list (void *v, uword size)
f = elt_at (h, f_index);
f_size = heap_elt_size (v, f);
if ((s = f_size - size) >= 0)
- break;
+ {
+ found = 1;
+ break;
+ }
}
while (l > 0);
/* If we fail to find a large enough object, try the next larger size. */
- if (l < 0)
+ if (found == 0)
continue;
ASSERT (heap_is_free (f));