On Fri, Aug 17, 2018 at 04:10:00PM -0700, Justin Pettit wrote: > > > On Aug 15, 2018, at 2:57 PM, Ben Pfaff <[email protected]> wrote: > > > > decode_NXAST_RAW_CT() temporarily pulls data off the beginning of its > > ofpacts output ofpbuf and, on its error path, fails to push it back on. > > At a higher layer, decode_NXAST_RAW_CLONE() asserts, via > > ofpact_finish_CLONE(), that the ofpact_clone that it put is still in the > > place where it put it, which causes an assertion failure. > > > > The root cause here is the failure to re-push the clone header. One could > > fix that, but it would be pretty easy for that to go wrong again on some > > other obscure error path. Instead, this commit just makes the problem go > > away by always saving and restoring 'ofpact->data' if a decode fails. > > > > Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9862 > > Signed-off-by: Ben Pfaff <[email protected]> > > Acked-by: Justin Pettit <[email protected]>
Thanks. Applied to master, backported as far as branch-2.7. _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
