fix dangling reference in foreach_key_value_pair

When the user deletes the last entry in a bihash bucket, the bihash
infra frees the bucket's backing storage. If this happens under
clib_bihash_foreach_key_value_pair - and the freed bucket happens to
be the bucket being traversed - the resulting dangling reference can
easily make the wheels fall off.

Simple fix: if (bucket-is-now-empty) double-break.

Change-Id: Idc44247a82ed5d0ba548507b4a53d4c8503ba8bb
Signed-off-by: Dave Barach <dave@barachs.net>

diff --git a/src/vppinfra/bihash_template.c b/src/vppinfra/bihash_template.c
index 8a6fa16..41d7c7c 100644 (file)
--- a/src/vppinfra/bihash_template.c
+++ b/src/vppinfra/bihash_template.c
@@ -653,9 +653,16 @@ void BV (clib_bihash_foreach_key_value_pair)
                continue;
 
              (*fp) (&v->kvp[k], arg);
+             /*
+              * In case the callback deletes the last entry in the bucket...
+              */
+             if (BV (clib_bihash_bucket_is_empty) (b))
+               goto doublebreak;
            }
          v++;
        }
+    doublebreak:
+      ;
     }
 }