vppinfra: set explicit found in search_free_list loop

While https://gerrit.fd.io/r/c/vpp/+/26948 fixed avoid using -1 to
index into h->free_lists[b][l] by changing the loop counter, the
check for the value of the loop counter (l < 0) cannot be trusted
to decide whether we've found a large enough object within the bin
or not. When the loop is terminated, the value of the variable l
could be ambiguous if it equals to 0 and it is never less than 0,
ie, when we bail out of the loop, we don't know if it was due to the
breaking out of the condition in
  if ((s = f_size - size) >= 0)
     break;
or
  while (l > 0);

The fix is to explicitly set a variable when we have found a large enough
object inside the loop to be used to test whether the loop was prematurely
terminated (found == 1) or the loop just ran exhausted (found == 0)

Type: fix

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I0161813fbd44dcba8982a767eac2e0930e9d77e3

diff --git a/src/vppinfra/heap.c b/src/vppinfra/heap.c
index d48136c..e91dc64 100644 (file)
--- a/src/vppinfra/heap.c
+++ b/src/vppinfra/heap.c
@@ -297,6 +297,7 @@ search_free_list (void *v, uword size)
        /* Find an object that is large enough.
           Search list in reverse so that more recently freed objects will be
           allocated again sooner. */
+       u8 found = 0;
        do
          {
            l--;
@@ -304,12 +305,15 @@ search_free_list (void *v, uword size)
            f = elt_at (h, f_index);
            f_size = heap_elt_size (v, f);
            if ((s = f_size - size) >= 0)
-             break;
+             {
+               found = 1;
+               break;
+             }
          }
        while (l > 0);
 
        /* If we fail to find a large enough object, try the next larger size. */
-       if (l < 0)
+       if (found == 0)
          continue;
 
        ASSERT (heap_is_free (f));