On Tue, Dec 17, 2013 at 10:22:19AM -0800, Jarno Rajahalme wrote:
> Commit da546e0 (dpif: Allow execute to modify the packet.) uninitializes
> the "dpif_upcall.packet" of "struct upcall" when dpif_recv() returns error.
> The packet ofpbuf is likely uninitialized in this case, hence calling
> ofpbuf_uninit() on it will likely cause a SEGFAULT.
>
> This commit fixes this bug by only uninitializing packet's ofpbuf on
> successfully received upcalls.
>
> A note warning about this is added on the comment of dpif_recv() in
> dpif-provider.h.
>
> Reported-by: Alex Wang <[email protected]>
> Signed-off-by: Jarno Rajahalme <[email protected]>

I'd add a similar comment on dpif_recv() also.

Acked-by: Ben Pfaff <[email protected]>

(Another approach would be to make dpif_recv() initialize the buffer on
error return.)
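
The two error-path ownership patterns discussed in this thread, as an added example that is not part of the original messages or the Open vSwitch code. struct buf, recv_upcall() and the handler functions are hypothetical stand-ins for ofpbuf and dpif_recv(), and the 0xAA fill simulates uninitialized stack memory.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an owned packet buffer (not the OVS ofpbuf). */
struct buf { void *base; size_t size; };

static void buf_init(struct buf *b, size_t n) { b->base = n ? malloc(n) : NULL; b->size = n; }
static void buf_uninit(struct buf *b) { free(b->base); b->base = NULL; b->size = 0; }

/* Receive model: on error, *pkt is left untouched (still garbage). */
static int recv_upcall(int fail, struct buf *pkt)
{
    if (fail) return EAGAIN;
    buf_init(pkt, 64);
    return 0;
}

/* Alternative from the reply: an error return leaves *pkt valid and empty. */
static int recv_upcall_init_on_error(int fail, struct buf *pkt)
{
    buf_init(pkt, fail ? 0 : 64);
    return fail ? EAGAIN : 0;
}

/* Fix pattern: release only after success. Returns buffers released. */
static int handle_release_on_success(int fail)
{
    struct buf pkt;
    memset(&pkt, 0xAA, sizeof pkt);    /* constructed: simulated stack garbage */
    if (recv_upcall(fail, &pkt)) {
        return 0;                      /* pkt was never initialized; do not free */
    }
    buf_uninit(&pkt);
    return 1;
}

/* Alternative pattern: unconditional release is safe. Returns the error. */
static int handle_unconditional_release(int fail)
{
    struct buf pkt;
    memset(&pkt, 0xAA, sizeof pkt);    /* constructed: simulated stack garbage */
    int error = recv_upcall_init_on_error(fail, &pkt);
    buf_uninit(&pkt);                  /* free(NULL) on the error path */
    return error;
}

int main(void) { return handle_release_on_success(1) + handle_unconditional_release(0); }
```

Calling buf_uninit() after a failed recv_upcall() would pass the 0xAA garbage pointer to free(), which is the crash the commit message describes.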
