The call to packet_set_ipv6() calls into packet_rh_present(), which in turn iterates through the L3 content. Without this commit, the l4_ofs in the packet has its default value of UINT16_MAX, which means that packet_rh_present() reads well beyond the real maximum length of the IPv6 header.
Reported by Address Sanitizer (actually the MLD test fails 100% of the time with Address Sanitizer without this fix, so I guess I'm the only one who uses it routinely). CC: Dumitru Ceara <[email protected]> Fixes: 677a3ba4d66b ("ovn: Add MLD support.") Signed-off-by: Ben Pfaff <[email protected]> --- controller/pinctrl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/controller/pinctrl.c b/controller/pinctrl.c index d06915a65173..dc8d3fd28ea0 100644 --- a/controller/pinctrl.c +++ b/controller/pinctrl.c @@ -3238,6 +3238,7 @@ pinctrl_compose_ipv6(struct dp_packet *packet, struct eth_addr eth_src, eh->eth_src = eth_src; eh->eth_type = htons(ETH_TYPE_IPV6); dp_packet_set_l3(packet, nh); + dp_packet_set_l4(packet, nh + 1); nh->ip6_vfc = 0x60; nh->ip6_nxt = ip_proto; -- 2.24.1 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
