src: add refcount asserts

_get() functions must not be used when refcnt is 0, as expr_free() releases expressions on 1 -> 0 transition. Also, check that a refcount would not overflow from UINT_MAX to 0. Use INT_MAX to also catch refcount leaks sooner, we don't expect 2**31 get()s on same object. This helps catching use-after-free refcounting bugs even when nft is built without ASAN support. v3: use a macro + BUG to get more info without a coredump. Signed-off-by: Florian Westphal <fw@strlen.de>
author: Florian Westphal <fw@strlen.de> 2025-04-03 00:32:29 +0200
committer: Florian Westphal <fw@strlen.de> 2025-10-29 13:44:11 +0100
commit: 8720428253d2ee35f59a1d7921da6d2468877257 (patch)
tree: 6b38205fa114ef4df7e6c23321dcaa66444cdf61 /include/rule.h
parent: 2c3edb0cc5ab4acc0b34d4d09db91755cef49712 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/include/rule.h b/include/rule.h
index 8d2f29d0..bcdc50ca 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -115,7 +115,7 @@ struct symbol {
 	struct list_head	list;
 	const char		*identifier;
 	struct expr		*expr;
-	int			refcnt;
+	unsigned int		refcnt;
 };
 
 extern void symbol_bind(struct scope *scope, const char *identifier,
author	Florian Westphal <fw@strlen.de>	2025-04-03 00:32:29 +0200
committer	Florian Westphal <fw@strlen.de>	2025-10-29 13:44:11 +0100
commit	8720428253d2ee35f59a1d7921da6d2468877257 (patch)
tree	6b38205fa114ef4df7e6c23321dcaa66444cdf61 /include/rule.h
parent	2c3edb0cc5ab4acc0b34d4d09db91755cef49712 (diff)