On Mon, Jul 20, 2015 at 01:22:32AM -0700, Alex Wang wrote:
> Commit 6fd6ed7 (ofpbuf: Simplify ofpbuf API.) introduced the
> 'header' and 'msg' pointers to 'struct ofpbuf'. However, we
> forget to update the 'msg' pointer when resizing ofpbuf.
>
> This bug could cause serious issue. For example, in the function
> ofputil_encode_nx_packet_in(), the 'msg' pointer is populated in
> ofpraw_alloc_xid() when creating the ofpbuf. Later, the ofpbuf
> memory can be reallocated due to the writing to the ofpbuf.
> However, since the 'msg' pointer is not updated, the later use of
> the 'ofpbuf->msg' will end up writing to either free'ed memory or
> memory allocated for other struct.
>
> This commit fixes the bug by always updating the 'header' and
> 'msg' pointers when the ofpbuf is resized. Also, a simple test
> is added.
>
> Signed-off-by: Alex Wang <[email protected]>

Good catch!

I don't understand the new comment on ofpbuf_trim().
ofpbuf_resize__() will adjust the pointers automatically, won't it?

Acked-by: Ben Pfaff <[email protected]>
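
The fix described in the quoted commit message, rebasing interior pointers whenever the buffer is reallocated, shown as an added example that is not OVS code and not part of this thread. `struct buf`, `buf_resize`, `buf_put` and `msg_offset_after_growth` are hypothetical names, and the sample data is constructed.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical miniature buffer for illustration; not OVS's struct ofpbuf. */
struct buf {
    char *base;        /* start of the heap allocation */
    size_t size;       /* bytes in use */
    size_t allocated;  /* bytes allocated */
    char *header;      /* interior pointer into base, or NULL */
    char *msg;         /* interior pointer into base, or NULL */
};
/* Reallocate and rebase the interior pointers onto the new block. */
static void buf_resize(struct buf *b, size_t new_cap)
{
    /* Capture offsets while the old block is still valid. */
    int has_header = b->header != NULL, has_msg = b->msg != NULL;
    size_t header_off = has_header ? (size_t)(b->header - b->base) : 0;
    size_t msg_off = has_msg ? (size_t)(b->msg - b->base) : 0;
    char *new_base = realloc(b->base, new_cap);
    if (!new_base) abort();
    b->base = new_base;
    b->allocated = new_cap;
    /* Without these two lines, header and msg would still point at the old block. */
    b->header = has_header ? new_base + header_off : NULL;
    b->msg = has_msg ? new_base + msg_off : NULL;
}

/* Append n bytes, growing the buffer when it is full. */
static void buf_put(struct buf *b, const void *data, size_t n)
{
    if (b->size + n > b->allocated) {
        buf_resize(b, (b->size + n) * 2);
    }
    memcpy(b->base + b->size, data, n);
    b->size += n;
}

/* Constructed scenario: msg's offset from base after growth, -1 if msg is wrong. */
static long msg_offset_after_growth(void)
{
    struct buf b = { NULL, 0, 0, NULL, NULL };
    static const char payload[4096] = { 0 };  /* constructed filler */
    buf_put(&b, "HDR:BODY", 8);
    b.header = b.base;
    b.msg = b.base + 4;                        /* msg starts at "BODY" */
    buf_put(&b, payload, sizeof payload);      /* forces a reallocation */
    long off = memcmp(b.msg, "BODY", 4) == 0 ? (long)(b.msg - b.base) : -1;
    free(b.base);
    return off;
}
```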
