In some cases, parsing of the note action could cause a realloc
which would result in the use of memory which was no longer
allocated.
---
lib/ofp-parse.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/lib/ofp-parse.c b/lib/ofp-parse.c
index 7742c82..5bc0484 100644
--- a/lib/ofp-parse.c
+++ b/lib/ofp-parse.c
@@ -486,6 +486,7 @@ str_to_action(char *str, struct ofpbuf *b)
if (remainder) {
ofpbuf_put_zeros(b, OFP_ACTION_ALIGN - remainder);
}
+ nan = (struct nx_action_note *)((char *)b->data + start_ofs);
nan->len = htons(b->size - start_ofs);
} else if (!strcasecmp(act, "move")) {
struct nx_action_reg_move *move;
--
1.7.5.2
_______________________________________________
dev mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/dev
