On Thu, Oct 25, 2018 at 02:41:50PM -0700, Yifeng Sun wrote: > In the filed of ver_flags_ttl_len of struct nshhdr, there are only 6 > bits that are used to indicate header's total length in 4-byte words. > Therefore, the max value for total is 252 (63x4), instead of 256 used > in present code base. This patch fixes it. > > Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10855 > Signed-off-by: Yifeng Sun <[email protected]>
Thanks for the patch and the bug fix. Would you mind adding a few words to the commit message that explains how this can lead to stack overflow? Thanks, Ben. _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
