On 26 Feb 2026, at 11:40, Eelco Chaudron via dev wrote:
> Coverity reports an out-of-bounds access warning (CID 278397) in the
> commit_encap_decap_action() function for the PT_NSH case.
>
> The code uses memcpy to copy fields from dl_dst onwards:
>     memcpy(&base_flow->dl_dst, &flow->dl_dst,
>            sizeof(*flow) - offsetof(struct flow, dl_dst));
>
> Coverity sees &base_flow->dl_dst as a pointer to a 6-byte struct
> eth_addr and flags the ~200-byte memcpy as buffer overflow. While
> this works in practice (dl_dst is followed by other struct fields),
> it's fragile and confusing to static analyzers because we're treating
> a member pointer as if it points to a larger memory region.
>
> Fix this by using byte-level pointer arithmetic on the structs
> themselves rather than on the member. This makes it explicit that
> we're copying from an offset within the struct to the end of the
> struct, which is clearer to both humans and static analyzers.
>
> Fixes: 1fc11c5948cf ("Generic encap and decap support for NSH")
> Signed-off-by: Eelco Chaudron <[email protected]>
Recheck-request: github-robot
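
The difference between the two copy forms the commit message describes, as an added example that is not part of the original mail or of the OVS tree. `struct demo_flow`, `TAIL_OFS`, `TAIL_LEN`, `copy_from_dl_dst()` and `demo_copy_ok()` are hypothetical names, and the struct layout is constructed for illustration rather than taken from the real `struct flow`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for OVS's struct flow; the fields and sizes are
 * illustrative and do not match the real layout. */
struct eth_addr { uint8_t ea[6]; };

struct demo_flow {
    uint32_t recirc_id;          /* Before dl_dst: must be preserved. */
    uint32_t in_port;
    struct eth_addr dl_dst;      /* The copy starts at this member. */
    struct eth_addr dl_src;
    uint16_t dl_type;
    uint8_t l3_and_up[64];       /* Everything up to the end of the struct. */
};

#define TAIL_OFS offsetof(struct demo_flow, dl_dst)
#define TAIL_LEN (sizeof(struct demo_flow) - TAIL_OFS)

/* Form quoted in the commit message: the destination expression has type
 * 'struct eth_addr *' (6 bytes), so an analyzer sees a TAIL_LEN-byte write
 * into a 6-byte object:
 *
 *     memcpy(&base->dl_dst, &flow->dl_dst, TAIL_LEN);
 *
 * One way to write what the commit message describes: derive both pointers
 * from the enclosing struct, so the bounds are those of the whole struct. */
static void
copy_from_dl_dst(struct demo_flow *base, const struct demo_flow *flow)
{
    memcpy((char *) base + TAIL_OFS, (const char *) flow + TAIL_OFS, TAIL_LEN);
}

/* Returns 1 if the head of 'base' is untouched and its tail matches 'flow'. */
static int
demo_copy_ok(void)
{
    struct demo_flow base, flow;

    memset(&base, 0xAA, sizeof base);    /* Constructed fill patterns. */
    memset(&flow, 0x55, sizeof flow);
    copy_from_dl_dst(&base, &flow);

    return base.recirc_id == 0xAAAAAAAAu && base.in_port == 0xAAAAAAAAu
           && !memcmp((char *) &base + TAIL_OFS, (char *) &flow + TAIL_OFS,
                      TAIL_LEN);
}
```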