On Mon, Mar 25, 2024 at 9:24 PM Robin Jarry <rja...@redhat.com> wrote:
>
> The graph id is determined based on a global variable that is
> incremented every time a graph is created, and decremented every time
> a graph is destroyed. This only works if graphs are destroyed in the
> reverse order in which they have been created.
>
> The following code produces duplicate graph IDs which can lead to
> use-after-free bugs and other undefined behaviours:
>
>     a = rte_graph_create(...); // id=0 graph_id=1
>     b = rte_graph_create(...); // id=1 graph_id=2
>     rte_graph_destroy(a); // graph_id=1
>     c = rte_graph_create(...); // id=1 graph_id=2 (duplicate with b)
>     rte_graph_destroy(c); // frees memory still used by b
>
> Remove the global counter. Make sure that the graph list is always
> ordered by increasing graph ids. When creating a new graph, pick a free
> id which is not allocated.

Please update app/test/test_graph.c to test this case.

>
> Signed-off-by: Robin Jarry <rja...@redhat.com>
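
The id scheme described in the quoted commit message, modelled stand-alone as an added example (not part of this thread and not DPDK code). `struct graph`, `head`, `counter` and the three functions are hypothetical names; the block replays the create/destroy sequence against the old counter and against a sorted list that hands out the lowest free id.

```c
#include <stdio.h>
#include <stdlib.h>

struct graph { unsigned id; struct graph *next; }; /* hypothetical model, not DPDK's */
static struct graph *head;   /* kept sorted by increasing id */
static unsigned counter;     /* the global counter the commit removes */

/* Old scheme on the commit's sequence: create a, b; destroy a; create c. */
static int counter_reuses_live_id(void)
{
	unsigned a = counter++, b = counter++, c;
	counter--;             /* destroy a */
	c = counter++;         /* c is handed b's id */
	return a != b && c == b;
}

/* New scheme: walk the sorted list, stop at the first gap, link in there. */
static struct graph *graph_create(void)
{
	struct graph **pp = &head, *g = malloc(sizeof(*g));
	unsigned id = 0;
	if (g == NULL)
		return NULL;
	for (; *pp != NULL && (*pp)->id == id; pp = &(*pp)->next)
		id++;
	g->id = id;
	g->next = *pp;
	*pp = g;
	return g;
}

static void graph_destroy(struct graph *g)
{
	struct graph **pp = &head;
	while (*pp != NULL && *pp != g)
		pp = &(*pp)->next;
	if (*pp == NULL)
		return;            /* not on the list: nothing to free */
	*pp = g->next;
	free(g);
}

int main(void)
{
	struct graph *a = graph_create(), *b = graph_create(), *c;
	graph_destroy(a);
	c = graph_create();    /* reuses the freed id 0, never b's id */
	printf("counter dup: %d, free-id dup: %d\n", counter_reuses_live_id(), c->id == b->id);
	return 0;
}
```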