On Mon, Sep 08, 2014 at 10:53:14AM -0700, Alex Wang wrote:
> On current master, when 'upcall_receive()' returns error, the
> ofpbuf 'upcall->put_actions' is uninitialized. In most cases,
> the failure of 'upcall_receive()' will cause uninitialize of
> 'upcall->put_actions' and free of uninitialized pointer.
>
> This commit fixes the issue by making 'upcall_receive()' always
> initialize the 'upcall->put_actions'.
>
> Found by inspection.
>
> Signed-off-by: Alex Wang <al...@nicira.com>

It's a little unusual for an initialization function that fails to still leave the object that it initializes ready to be destroyed.

If upcall_receive() fails, is there other data in 'upcall' that needs to be destroyed? If there is, then the other caller of upcall_receive() is wrong because it does not call upcall_uninit(). If there is not, then upcall_cb() can simply "return error;" instead of calling upcall_uninit().

Thanks,

Ben.
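
The two init/uninit contracts discussed in this thread, as an added example that is not code from the patch or from Open vSwitch. All names here (struct msg, init_a, init_b, msg_uninit, handle, safe_after_fail) are hypothetical, and the "garbage" pointer is a constructed stand-in for an uninitialized stack value.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in for this example; not an Open vSwitch type. */
struct msg { char *actions; };

static void msg_uninit(struct msg *m)
{
    free(m->actions);   /* Undefined behaviour if 'actions' was never set. */
    m->actions = NULL;
}

/* Convention A: destroyable state is set before any failure path. */
static int init_a(struct msg *m, const char *in)
{
    m->actions = NULL;
    if (!in) { return EINVAL; }
    m->actions = malloc(strlen(in) + 1);
    if (!m->actions) { return ENOMEM; }
    strcpy(m->actions, in);
    return 0;
}

/* Convention B: a failed init may leave 'm' untouched; caller must not uninit. */
static int init_b(struct msg *m, const char *in)
{
    return in ? init_a(m, in) : EINVAL;
}

/* Caller relying on convention A: unconditional cleanup is safe. */
static int handle(const char *in)
{
    struct msg m;
    int error = init_a(&m, in);
    msg_uninit(&m);
    return error;
}

/* Returns 1 if a failed init left 'm' safe to pass to msg_uninit(). */
static int safe_after_fail(int (*init)(struct msg *, const char *))
{
    static char garbage;             /* Constructed stand-in for stack garbage. */
    struct msg m = { &garbage };
    return init(&m, NULL) != 0 && m.actions == NULL;
}

int main(void)
{
    return !(handle(NULL) == EINVAL && safe_after_fail(init_a) && !safe_after_fail(init_b));
}
```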