The sflow action only uses 8 bytes of the total 16 for user_action_cookie, but fix_sflow_action() was checking for the presence of all 8, so if the sflow action wasn't followed by a few other actions then 'cookie' would end up NULL and the assertion would segfault.
Bug #16659. Reported-by: Dhaval Badiani <[email protected]> Signed-off-by: Ben Pfaff <[email protected]> --- AUTHORS | 1 + ofproto/ofproto-dpif.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/AUTHORS b/AUTHORS index 8656dee..b314ce6 100644 --- a/AUTHORS +++ b/AUTHORS @@ -123,6 +123,7 @@ Cedric Hobbs [email protected] Dave Walker [email protected] David Palma [email protected] Derek Cormier [email protected] +Dhaval Badiani [email protected] Duffie Cooley [email protected] DK Moon [email protected] Edwin Chiu [email protected] diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c index 40e897f..6ec1c23 100644 --- a/ofproto/ofproto-dpif.c +++ b/ofproto/ofproto-dpif.c @@ -6073,7 +6073,7 @@ fix_sflow_action(struct action_xlate_ctx *ctx) } cookie = ofpbuf_at(ctx->odp_actions, ctx->user_cookie_offset, - sizeof(*cookie)); + sizeof cookie->sflow); ovs_assert(cookie->type == USER_ACTION_COOKIE_SFLOW); compose_sflow_cookie(ctx->ofproto, base->vlan_tci, -- 1.7.10.4 _______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
