The free() is called outside of the interesting function an may be called on an still active component.

I'd suggest to handle the error != 0 case first an return in this branch early.
So the main search loop shifts to the main row and the code is simpler.

In D30166#677401, @donner wrote:

The free() is called outside of the interesting function an may be called on an still active component.

Sorry, I'm having trouble understanding what you're suggesting here.

I'd suggest to handle the error != 0 case first an return in this branch early.
So the main search loop shifts to the main row and the code is simpler.

I can do that in a follow-up change. Here I would like to provide a minimal patch for the regression to simplify backporting and reduce the risk of another regression. In general I agree this code needs some general cleanup.

In D30166#678451, @markj wrote:

In D30166#677401, @donner wrote:

The free() is called outside of the interesting function an may be called on an still active component.

Sorry, I'm having trouble understanding what you're suggesting here.

My fault. I lost some characters while typing.

The code structure is:

allocate(prefix);
fail = 1;
if(good)
    forall()
       eventually_reset_fail;
else
    do_not_touch_fail;
if(fail)
    free(prefix);

There is more than one way through the code, where prefix is consumed or not.
My question is if all cases are fulfilled.

I'd suggest to handle the error != 0 case first an return in this branch early.
So the main search loop shifts to the main row and the code is simpler.

I can do that in a follow-up change. Here I would like to provide a minimal patch for the regression to simplify backporting and reduce the risk of another regression. In general I agree this code needs some general cleanup.

Okay. Sounds good.

In D30166#678454, @donner wrote:

In D30166#678451, @markj wrote:

In D30166#677401, @donner wrote:

The free() is called outside of the interesting function an may be called on an still active component.

Sorry, I'm having trouble understanding what you're suggesting here.

My fault. I lost some characters while typing.

The code structure is:

allocate(prefix);
fail = 1;
if(good)
    forall()
       eventually_reset_fail;
else
    do_not_touch_fail;
if(fail)
    free(prefix);

There is more than one way through the code, where prefix is consumed or not.
My question is if all cases are fulfilled.

So I think the current behaviour is more or less intentional. Even if the route deletion fails, we want to purge the LLE, as the prefix isn't supposed to be used anymore. IPv4 behaves the same way.