> On Aug 11, 2015, at 12:23 AM, neeraj mehta <[email protected]> wrote: > > Hi, > > There is a possible defect in "utilities/ovs-ofctl.c" line 2013 OVS-2.3.2. > > In ovs-ofctl.c, NULL(in certain conditions) being passed as argument in > memcmp(). > ISO C says that the arguments to memcmp() must not be NULL. > > --- > > "lib/ofpbuf.h" 425L, 14598C OVS-2.3.2 > > static inline void * ofpbuf_l3(const struct ofpbuf *b) > { > return b->l3_ofs != UINT16_MAX ? (char *)b->frame + b->l3_ofs : NULL; > } > --- > > --- > "utilities/ovs-ofctl.c" line 2013 OVS-2.3.2 > if (ofptype_pull(&type, reply) > || type != OFPTYPE_ECHO_REPLY > || ofpbuf_size(reply) != payload > || memcmp(ofpbuf_l3(request), ofpbuf_l3(reply), payload)) { > --- > > One of possible solutions for this can be: > > --- > "utilities/ovs-ofctl.c" line 2013 OVS-2.3.2 > if (ofptype_pull(&type, reply) > || type != OFPTYPE_ECHO_REPLY > || ofpbuf_size(reply) != payload > + || !ofpbuf_l3(request) || !ofpbuf_l3(reply) > || memcmp(ofpbuf_l3(request), ofpbuf_l3(reply), payload)) { > --- > > Can someone confirm the above understanding? > If this is an issue, I will submit a patch against this.
Do you see a way for "l3_ofs" to not bet set? It looks to me like "request" is set by ofpraw_alloc() and "reply" is set by ofptype_pull(). --Justin _______________________________________________ discuss mailing list [email protected] http://openvswitch.org/mailman/listinfo/discuss
