On Fri, Jan 18, 2019 at 03:53:46PM +0300, Ilya Maximets wrote: > On 18.01.2019 14:18, Toms Atteka wrote: > > memmove byte count was calculated incorrectly as ofpbuf_put_uninit > > is increasing b->size by n. > > > > This patch fixes it by deducing byte count by n. > > > > Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12296 > > Signed-off-by: Toms Atteka <[email protected]> > > --- > > lib/ofpbuf.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/lib/ofpbuf.c b/lib/ofpbuf.c > > index 9c06236..91a5295 100644 > > --- a/lib/ofpbuf.c > > +++ b/lib/ofpbuf.c > > @@ -469,9 +469,9 @@ void > > ofpbuf_insert(struct ofpbuf *b, size_t offset, const void *data, size_t n) > > { > > if (offset < b->size) { > > - ofpbuf_put_uninit(b, n); > > + ofpbuf_put_uninit(b, n); // b->size gets increased > > Please, don't use C99 style comments. Use /* */ instead.
I fixed that up, applied this to master and then backported it as far as branch-2.6. _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
