When parse_ofp_flow_mod_str returns an error, `fm` is incomplete and pointers in it may be null, e.g. fm.match.flow. In this case, passing it to ofctl_parse_flows__ may cause pointer errors because ofctl_parse_flows__ expects a valid input of type struct ofputil_flow_mod.
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11110 Signed-off-by: Yifeng Sun <pkusunyif...@gmail.com> --- tests/oss-fuzz/ofctl_parse_target.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/oss-fuzz/ofctl_parse_target.c b/tests/oss-fuzz/ofctl_parse_target.c index 29f89f9b53eb..13d0899dbbae 100644 --- a/tests/oss-fuzz/ofctl_parse_target.c +++ b/tests/oss-fuzz/ofctl_parse_target.c @@ -58,8 +58,9 @@ ofctl_parse_flow(const char *input, int command) command, &usable_protocols); if (error) { printf("Error encountered: %s\n", error); + } else { + ofctl_parse_flows__(&fm, 1, usable_protocols); } - ofctl_parse_flows__(&fm, 1, usable_protocols); } int -- 2.7.4 _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
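Review bot: In the `if (error)` branch the string is printed but never released: the function's closing brace follows the new `else` block directly, so nothing after the branch frees it. If parse_ofp_flow_mod_str returns a heap-allocated message, as OVS parse helpers that return `char *` normally do, every rejected fuzz input leaks that string, and the leak detector in a sanitizer build will report it as a finding. Suggest adding `free(error);` right after the `printf("Error encountered: %s\n", error);` line. Moving the ofctl_parse_flows__ call into the `else` branch looks right for the null `fm.match.flow` case described in the commit message.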