The sflow action only uses 8 bytes of the total 16 for user_action_cookie,
but fix_sflow_action() was checking for the presence of all 8, so if the
sflow action wasn't followed by a few other actions then 'cookie' would
end up NULL and the assertion would segfault.
Bug #16659.
Reported-by: Dhaval Badiani <dbadi...@vmware.com>
Signed-off-by: Ben Pfaff <b...@nicira.com>
---
AUTHORS | 1 +
ofproto/ofproto-dpif.c | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/AUTHORS b/AUTHORS
index 8656dee..b314ce6 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -123,6 +123,7 @@ Cedric Hobbs ced...@nicira.com
Dave Walker davewal...@ubuntu.com
David Palma pa...@onesource.pt
Derek Cormier derek.corm...@lab.ntt.co.jp
+Dhaval Badiani dbadi...@vmware.com
Duffie Cooley dcoo...@nicira.com
DK Moon dkm...@nicira.com
Edwin Chiu ec...@nicira.com
diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c
index 40e897f..6ec1c23 100644
--- a/ofproto/ofproto-dpif.c
+++ b/ofproto/ofproto-dpif.c
@@ -6073,7 +6073,7 @@ fix_sflow_action(struct action_xlate_ctx *ctx)
}
cookie = ofpbuf_at(ctx->odp_actions, ctx->user_cookie_offset,
- sizeof(*cookie));
+ sizeof cookie->sflow);
ovs_assert(cookie->type == USER_ACTION_COOKIE_SFLOW);
compose_sflow_cookie(ctx->ofproto, base->vlan_tci,
--
1.7.10.4
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
