This patch should also fix the bug reported at https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10802
On Fri, Oct 5, 2018 at 2:50 PM Yifeng Sun <pkusunyif...@gmail.com> wrote: > After ofpbuf_put, actions may have been reallocated and > key will point to invalid memory address. > > Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10796 > Signed-off-by: Yifeng Sun <pkusunyif...@gmail.com> > --- > lib/odp-util.c | 9 +++++---- > 1 file changed, 5 insertions(+), 4 deletions(-) > > diff --git a/lib/odp-util.c b/lib/odp-util.c > index 890c71b7f336..7705bb30ae21 100644 > --- a/lib/odp-util.c > +++ b/lib/odp-util.c > @@ -2242,13 +2242,14 @@ parse_odp_action(const char *s, const struct simap > *port_names, > key->nla_len += size; > ofpbuf_put(actions, mask + 1, size); > > - /* Add new padding as needed */ > - ofpbuf_put_zeros(actions, NLA_ALIGN(key->nla_len) - > - key->nla_len); > - > /* 'actions' may have been reallocated by ofpbuf_put(). */ > nested = ofpbuf_at_assert(actions, start_ofs, sizeof > *nested); > nested->nla_type = OVS_ACTION_ATTR_SET_MASKED; > + > + key = nested + 1; > + /* Add new padding as needed */ > + ofpbuf_put_zeros(actions, NLA_ALIGN(key->nla_len) - > + key->nla_len); > } > } > ofpbuf_uninit(&maskbuf); > -- > 2.7.4
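
Review bot: The added `key = nested + 1;` has no comment explaining why key is recomputed or why it is expected to sit directly after nested, so the actual fix reads as an unexplained pointer adjustment. The existing comment "'actions' may have been reallocated by ofpbuf_put()" sits above the nested re-derivation only; moving the new assignment up under that comment, or extending the comment to say that both nested and key are re-derived from start_ofs because the earlier pointers are stale after the put, would document the invariant for the next person who adds an ofpbuf_put*() call in this block. The padding call itself is fine as written, since key->nla_len is read while evaluating the argument, before ofpbuf_put_zeros() can reallocate, but key is stale again once it returns, and a short note to that effect would help. Since the follow-up says this also fixes oss-fuzz issue 10802, a second Reported-at tag for that report would be worth adding to the commit message.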