dpif_flow_get initializes the flow_get part of the union, down the stack
log_flow_message checks for actions || actions_len that could contain
garbage leading to the crash.
saw the crash once when running stress tests. can be easily recreated
by running ovs-dpctl del-flows in a loop when traffic is going on
Signed-off-by: Madhu Challa <cha...@noironetworks.com>
---
lib/dpif.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/dpif.c b/lib/dpif.c
index d088f68..72ae2d4 100644
--- a/lib/dpif.c
+++ b/lib/dpif.c
@@ -840,6 +840,8 @@ dpif_flow_get(struct dpif *dpif,
struct dpif_op *opp;
struct dpif_op op;
+ memset(&op, 0, sizeof op);
+
op.type = DPIF_OP_FLOW_GET;
op.u.flow_get.key = key;
op.u.flow_get.key_len = key_len;
--
1.7.9.5
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
