Fixed invalid memory read/segfault

This patch fixes segfaults caused by invalid memory read during leafref
links removal process. It is tight hash_table implementation, as
hash_table removal of record can invalidate all other record pointers
due to memory reallocation process

Author: steweg

src/tree_data_free.c

@@ -144,15 +144,20 @@ lyd_free_leafref_links_rec(struct lyd_leafref_links_rec *rec)
 {
     LY_ARRAY_COUNT_TYPE u;
     struct lyd_leafref_links_rec *rec2;
+    const struct lyd_node_term *node;
 
     assert(rec);
+    node = rec->node;
 
     /* remove links of leafref nodes */
     LY_ARRAY_FOR(rec->leafref_nodes, u) {
         if (lyd_get_or_create_leafref_links_record(rec->leafref_nodes[u], &rec2, 0) == LY_SUCCESS) {
             LY_ARRAY_REMOVE_VALUE(rec2->target_nodes, rec->node);
             if ((LY_ARRAY_COUNT(rec2->leafref_nodes) == 0) && (LY_ARRAY_COUNT(rec2->target_nodes) == 0)) {
                 lyd_free_leafref_nodes(rec->leafref_nodes[u]);
+                /* refresh current record pointer as previous operation might move the records within memory */
+                lyd_get_or_create_leafref_links_record(node, &rec, 0);
+                assert(rec);
             }
         }
     }
@@ -165,6 +170,9 @@ lyd_free_leafref_links_rec(struct lyd_leafref_links_rec *rec)
             LY_ARRAY_REMOVE_VALUE(rec2->leafref_nodes, rec->node);
             if ((LY_ARRAY_COUNT(rec2->leafref_nodes) == 0) && (LY_ARRAY_COUNT(rec2->target_nodes) == 0)) {
                 lyd_free_leafref_nodes(rec->target_nodes[u]);
+                /* refresh current record pointer as previous operation might move the records within memory */
+                lyd_get_or_create_leafref_links_record(node, &rec, 0);
+                assert(rec);
             }
         }
     }
@@ -187,6 +195,9 @@ lyd_free_leafref_nodes(const struct lyd_node_term *node)
 
     /* free entry content */
     lyd_free_leafref_links_rec(rec);
+    /* refresh current record pointer as previous operation might move the records within memory */
+    lyd_get_or_create_leafref_links_record(node, &rec, 0);
+    assert(rec);
 
     /* free entry itself from hash table */
     ht = LYD_CTX(node)->leafref_links_ht;