From c641974de001247e100638dbe816bd1cd90f3f30 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Thu, 11 Sep 2014 17:29:21 +0200 Subject: [PATCH] array: Warn about caveat with array_remove_at() and value based arrays Because enumerate() for value based arrays returns a pointer directly to the internal array elements and because array_remove_at() or rather the called array_remove() may move elements over the element at the currently enumerated position, the pointer passed to enumerate() will point to a different array element after the array_remove_at() call. The caller will thus operate on the wrong element if that pointer is accessed again before calling enumerate(). For performance reasons we currently don't change the implementation to copy each array element during enumeration to a private member of the enumerator and return a pointer to that. Similarly, due to the danger of subtle bugs we don't remember the pointer passed to enumerate() to later redirect it to a copy created during the array_remove_at() call. --- src/libstrongswan/collections/array.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/libstrongswan/collections/array.h b/src/libstrongswan/collections/array.h index ce702ebfa7..0659c70bdd 100644 --- a/src/libstrongswan/collections/array.h +++ b/src/libstrongswan/collections/array.h @@ -100,6 +100,11 @@ enumerator_t* array_create_enumerator(array_t *array); /** * Remove an element at enumerator position. * + * @warning For **value based** arrays don't use the pointer returned by + * enumerate() anymore after calling this function. For performance reasons + * that pointer will point to internal data structures that get modified when + * this function is called. + * * @param array array to remove element in * @param enumerator enumerator position, from array_create_enumerator() */ -- 2.47.2
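Review bot: The @warning added to the array_remove_at() comment tells callers not to use the pointer "anymore", which is broader and less precise than what the commit message describes. According to the message, the pointer is only stale until enumerate() is called again, and in that window it refers to a different array element rather than to freed memory, so a misuse operates on the wrong element silently. Suggest wording the warning along those lines, for example that the pointer returned by enumerate() refers to a different element after this call and must not be dereferenced until enumerate() has been called again, and that a caller needing the removed value should copy it before calling array_remove_at(). The clause "For performance reasons that pointer will point to internal data structures" also reads as if the aliasing only starts with this call; the message says enumerate() always returns a pointer directly to the internal elements for value based arrays, so it would be clearer to state that fact on its own. Since the hazard originates in what enumerate() returns, consider a matching note or cross-reference in the comment for array_create_enumerator(), whose declaration sits just above this hunk.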