On Tue, Sep 16, 2014 at 3:30 PM, Anup Khadka <khadka...@gmail.com> wrote:
> It looks like OVS tries to double-free in delete_flows_loose if the
> rules->rules (inside struct rule_collection *rules) is not equal to
> rules->stub.
>
> A little more detail:
> In the function delete_flows_loose, the call to the function
> collect_rules_loose takes care of freeing rules (again struct
> rule_collection *rules) if there is any error while collecting the rule.
>
> The function returns back to delete_flows_loose where it calls
> rule_collection_destroy again.
>
> Because rules->rules is still not rules->stub, it attempts to free the
> rules structure again, resulting in a double-free.
>
> Perhaps rules->rules can be set to rules->stub inside
> rule_collection_destroy function after it's freed. Or perhaps,
> rule_collection_destroy should only be called from delete_flows_loose if
> there is no error, or perhaps collect_rules_loose should not take care of
> freeing the data structure.
>
> Please let me know if it's a bug.
>
> Thanks,
> Anup
>
_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss
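The first remedy proposed in the quoted message (pointing rules->rules back at the stub once the heap buffer is freed) can be shown with a stub-backed collection whose destroy is safe to call twice. This is an added example, not Open vSwitch code; the struct layout, the `collection_*` function names and the `heap_frees` counter are hypothetical stand-ins.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in for the structure in the message: inline stub, heap on overflow. */
struct rule;
struct rule_collection {
    struct rule **rules;        /* points at stub[] or at heap memory */
    size_t n, capacity;
    struct rule *stub[4];
};
static int heap_frees;          /* free() calls made by destroy, for checking */
void collection_init(struct rule_collection *c) {
    c->rules = c->stub;
    c->n = 0;
    c->capacity = sizeof c->stub / sizeof c->stub[0];
}

int collection_add(struct rule_collection *c, struct rule *r) {
    if (c->n == c->capacity) {  /* grow: stub -> heap, or heap -> bigger heap */
        struct rule **p = malloc(2 * c->capacity * sizeof *p);
        if (!p) return -1;
        memcpy(p, c->rules, c->n * sizeof *p);
        if (c->rules != c->stub) free(c->rules);
        c->rules = p;
        c->capacity *= 2;
    }
    c->rules[c->n++] = r;
    return 0;
}

/* Idempotent destroy: after freeing, point rules back at the stub so that a
 * second call (callee cleans up on error, caller cleans up again) is a no-op. */
void collection_destroy(struct rule_collection *c) {
    if (c->rules != c->stub) {
        free(c->rules);
        heap_frees++;
    }
    collection_init(c);
}

/* Constructed scenario: six entries overflow the stub, then destroy runs twice. */
int demo_double_destroy(void) {
    struct rule_collection c;
    heap_frees = 0;
    collection_init(&c);
    for (int i = 0; i < 6; i++) if (collection_add(&c, NULL)) return -1;
    collection_destroy(&c);     /* error-path cleanup in the callee */
    collection_destroy(&c);     /* unconditional cleanup in the caller */
    return heap_frees;
}
```

Without the `collection_init(c)` call at the end of `collection_destroy`, the second call would pass the same heap pointer to `free()` again, which is the double-free the message describes.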