On current master, when 'upcall_receive()' returns an error, the
ofpbuf 'upcall->put_actions' is uninitialized.  In most cases,
the failure of 'upcall_receive()' will cause the uninitialization of
'upcall->put_actions' and the free of an uninitialized pointer.

This commit fixes the issue by making 'upcall_receive()' always
initialize the 'upcall->put_actions'.

Found by inspection.

Signed-off-by: Alex Wang <al...@nicira.com>
---
 ofproto/ofproto-dpif-upcall.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ofproto/ofproto-dpif-upcall.c b/ofproto/ofproto-dpif-upcall.c
index cce89dd..d6ffee3 100644
--- a/ofproto/ofproto-dpif-upcall.c
+++ b/ofproto/ofproto-dpif-upcall.c
@@ -828,6 +828,8 @@ upcall_receive(struct upcall *upcall, const struct 
dpif_backer *backer,
 {
     int error;
 
+    ofpbuf_init(&upcall->put_actions, 0);
+
     error = xlate_lookup(backer, flow, &upcall->ofproto, &upcall->ipfix,
                          &upcall->sflow, NULL, &upcall->in_port);
     if (error) {
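Review bot: the new 'ofpbuf_init(&upcall->put_actions, 0);' at the top of upcall_receive() has no comment explaining that it must stay ahead of the 'if (error)' early exit after xlate_lookup(). The whole fix depends on that ordering, so a one-line comment here (for example, that put_actions has to be initialized on every return path, including the error one) would keep a later cleanup from moving the call back down among the other field assignments and reintroducing the free of an uninitialized pointer.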
@@ -838,7 +840,6 @@ upcall_receive(struct upcall *upcall, const struct 
dpif_backer *backer,
     upcall->packet = packet;
     upcall->type = type;
     upcall->userdata = userdata;
-    ofpbuf_init(&upcall->put_actions, 0);
 
     upcall->xout_initialized = false;
     upcall->vsp_adjusted = false;
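Review bot: after this change 'upcall->xout_initialized = false;' and 'upcall->vsp_adjusted = false;' are still assigned only below the xlate_lookup() error exit, so on failure they are left unset just as put_actions was before the fix. If the cleanup path that uninitializes put_actions after a failed upcall_receive() also consults either flag, it would branch on an indeterminate value. Please confirm the error path never reads them, or move these two assignments (and packet, type, userdata if needed) up next to the relocated ofpbuf_init() so the struct is in a defined state on every return.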
-- 
1.7.9.5

_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
