lib: null out deleted pointers in typesafe containers

Some of the typesafe containers didn't null out their innards of items
after an item was deleted or popped off the container.  This is both a
bit unsafe as well as hinders the upcoming _member() from working
efficiently.

Signed-off-by: David Lamparter <equinox@opensourcerouting.org>

diff --git a/lib/typerb.c b/lib/typerb.c
index 092faa4cc9a51d0373a9334ee126e108a21c1ec7..151d91ce20b755488d6926985590a3a1c8c6c76c 100644 (file)
--- a/lib/typerb.c
+++ b/lib/typerb.c
@@ -45,6 +45,7 @@
 #include "config.h"
 #endif
 
+#include <string.h>
 #include "typerb.h"
 
 #define RB_BLACK       0
@@ -330,6 +331,7 @@ color:
                rbe_remove_color(rbt, parent, child);
 
        rbt->count--;
+       memset(old, 0, sizeof(*old));
        return (old);
 }
 

diff --git a/lib/typesafe.h b/lib/typesafe.h
index ecac1a4381c9b86794db65fc1b93f94cffaa0fc9..6d6fcf282eac0223361ed86279703d5d5d03553e 100644 (file)
--- a/lib/typesafe.h
+++ b/lib/typesafe.h
@@ -169,6 +169,7 @@ macro_inline type *prefix ## _del(struct prefix##_head *h, type *item)         \
        *iter = item->field.si.next;                                           \
        if (!item->field.si.next)                                              \
                h->sh.last_next = iter;                                        \
+       item->field.si.next = NULL;                                            \
        return item;                                                           \
 }                                                                              \
 macro_inline type *prefix ## _pop(struct prefix##_head *h)                     \
@@ -180,6 +181,7 @@ macro_inline type *prefix ## _pop(struct prefix##_head *h)                     \
        h->sh.first = sitem->next;                                             \
        if (h->sh.first == NULL)                                               \
                h->sh.last_next = &h->sh.first;                                \
+       sitem->next = NULL;                                                    \
        return container_of(sitem, type, field.si);                            \
 }                                                                              \
 macro_inline void prefix ## _swap_all(struct prefix##_head *a,                 \
@@ -321,6 +323,7 @@ macro_inline type *prefix ## _pop(struct prefix##_head *h)                     \
        ditem->prev->next = ditem->next;                                       \
        ditem->next->prev = ditem->prev;                                       \
        h->dh.count--;                                                         \
+       ditem->prev = ditem->next = NULL;                                      \
        return container_of(ditem, type, field.di);                            \
 }                                                                              \
 macro_inline void prefix ## _swap_all(struct prefix##_head *a,                 \
@@ -565,6 +568,7 @@ macro_inline type *prefix ## _del(struct prefix##_head *h, type *item)         \
                return NULL;                                                   \
        h->sh.count--;                                                         \
        *iter = item->field.si.next;                                           \
+       item->field.si.next = NULL;                                            \
        return item;                                                           \
 }                                                                              \
 macro_inline type *prefix ## _pop(struct prefix##_head *h)                     \