Always update the ids pointer after calling ofpbuf_put() to ensure that it is valid when accessed.
During testing, a case came up where the call to ofpbuf_put() in the for (i = 0; i < ids->n_controllers; i++) loop would cause the underlying buffer to be reallocated. This resulted in ids->n_controllers being an incorrect value, the loop continuing on longer than desired and finally a segmentation fault.

Reported-by: Joe Stringer <[email protected]>
Signed-off-by: Simon Horman <[email protected]>

--- lib/ofp-actions.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c index d9d90ea..a445990 100644 --- a/lib/ofp-actions.c +++ b/lib/ofp-actions.c @@ -209,9 +209,9 @@ dec_ttl_cnt_ids_from_openflow(const struct nx_action_cnt_ids *nac_ids, for (i = 0; i < ids->n_controllers; i++) { uint16_t id = ntohs(((ovs_be16 *)(nac_ids + 1))[i]); ofpbuf_put(out, &id, sizeof id); + ids = out->l2; } - ids = out->l2; ofpact_update_len(out, &ids->ofpact); return 0; -- 1.8.2.1
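
Review bot: With the post-loop "ids = out->l2;" removed, ids is now refreshed only inside the loop body, so when ids->n_controllers is 0 the pointer passed to ofpact_update_len(out, &ids->ofpact) is whatever was assigned before the loop. Please confirm that no ofpbuf_put() on out sits between that earlier assignment and the loop, or keep the post-loop refresh as well. The loop condition also still re-reads ids->n_controllers from the buffer on every iteration, so correctness depends on the refresh staying directly after ofpbuf_put(). A short comment on the added line saying that ofpbuf_put() may reallocate the buffer, or copying the count into a local before the loop, would keep a later cleanup from hoisting the assignment back out.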
