On 15 August 2012 19:12, Ben Pfaff <b...@nicira.com> wrote: > upcall->packet is allocated with malloc(), via ofpbuf_new(), but nothing > ever frees it. > > Found by valgrind. > > CC: Ed Maste <ema...@freebsd.org> > Signed-off-by: Ben Pfaff <b...@nicira.com> > --- > lib/dpif-netdev.c | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > > diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c > index 7fa2720..3d01b17 100644 > --- a/lib/dpif-netdev.c > +++ b/lib/dpif-netdev.c > @@ -966,6 +966,7 @@ dpif_netdev_recv(struct dpif *dpif, struct dpif_upcall > *upcall, > > ofpbuf_uninit(buf); > *buf = *upcall->packet; > + free(upcall->packet); > > return 0; > } else { > -- > 1.7.2.5
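Review bot: the added `free(upcall->packet);` in dpif_netdev_recv leaves `upcall->packet` as a dangling pointer after the struct contents have been copied into `*buf`, so any caller that still dereferences `upcall->packet` after this function returns reads freed memory (the reply below reports exactly that in dpif_recv). If ownership of the packet is meant to move to `buf`, point the field at the surviving buffer right after the free, e.g. `upcall->packet = buf;`, or otherwise make it explicit that `upcall->packet` is invalid once dpif_netdev_recv returns.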
This looks like it results in a use-after-free in dpif_recv which accesses upcall->packet (which may be a moot point after the 2nd patch; I'm going to look at it now).

-Ed

_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev