fix dangling reference in foreach_key_value_pair

When the user deletes the last entry in a bihash bucket, the bihash
infra frees the bucket's backing storage. If this happens under
clib_bihash_foreach_key_value_pair - and the freed bucket happens to
be the bucket being traversed - the resulting dangling reference can
easily make the wheels fall off.

Simple fix: if (bucket-is-now-empty) double-break.

Change-Id: Idc44247a82ed5d0ba548507b4a53d4c8503ba8bb
Signed-off-by: Dave Barach <dave@barachs.net>
(cherry picked from commit ca45ee73d7c49c7f659c5cd690d3403d440e50f9)

diff --git a/src/vppinfra/bihash_template.c b/src/vppinfra/bihash_template.c
index 89ae847..6b9e671 100644 (file)
--- a/src/vppinfra/bihash_template.c
+++ b/src/vppinfra/bihash_template.c
@@ -677,9 +677,16 @@ void BV (clib_bihash_foreach_key_value_pair)
                continue;
 
              (*fp) (&v->kvp[k], arg);
+             /*
+              * In case the callback deletes the last entry in the bucket...
+              */
+             if (b->offset == 0)
+               goto doublebreak;
            }
          v++;
        }
+    doublebreak:
+      ;
     }
 }