> On Jun 25, 2018, at 11:50 AM, Ben Pfaff <[email protected]> wrote: > > The length check was wrong for immediate arguments to "learn" actions. > > Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9047 > Signed-off-by: Ben Pfaff <[email protected]> > --- > lib/ofp-actions.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c > index e91e0b252390..3f7702185a64 100644 > --- a/lib/ofp-actions.c > +++ b/lib/ofp-actions.c > @@ -4740,7 +4740,7 @@ learn_min_len(uint16_t header) > min_len += sizeof(ovs_be32); /* src_field */ > min_len += sizeof(ovs_be16); /* src_ofs */ > } else { > - min_len += DIV_ROUND_UP(n_bits, 16); > + min_len += 2 * DIV_ROUND_UP(n_bits, 16);
I trust you that you are correct, but it wasn't clear to me why this was the case. I assume this is for when src_type is NX_LEARN_SRC_IMMEDIATE, but the only comment about it I found was in the description of ofpact_learn_spec, which discusses "DIV_ROUND_UP(n_bits, 8)". Acked-by: Justin Pettit <[email protected]> --Justin _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
