Ilya Maximets <[email protected]> writes:

> nx_to_ofp_flow_update_event() aborts the execution if incorrect
> event is passed, so checking has to be done before conversion
> in order to avoid the crash while decoding malformed flow update
> message:
>
> ==397030==ERROR: AddressSanitizer: ABRT on unknown address 0x... )
> 0 0x7fd26688418b in raise
> 1 0x7fd266863858 in abort
> 2 0x6a6cbd in nx_to_ofp_flow_update_event lib/ofp-monitor.c:399:9
> 3 0x6a6cbd in ofputil_decode_flow_update lib/ofp-monitor.c:856:25
> 4 0x56491d in ofp_print_flow_monitor_reply lib/ofp-print.c:779:22
> 5 0x55f0a0 in ofp_to_string__ lib/ofp-print.c:1154:16
> 6 0x55f0a0 in ofp_to_string lib/ofp-print.c:1244:21
> 7 0x5603a5 in ofp_print lib/ofp-print.c:1288:28
>
> Credit to OSS-Fuzz.
>
> Additionally removed the extra 'reply' word from the error message,
> since ofpraw_get_name(raw) already has one.
>
> Fixes: c3e64047d1cc ("ofp-monitor: Support flow monitoring for OpenFlow 1.3,
> 1.4+.")
> Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47112
> Signed-off-by: Ilya Maximets <[email protected]>
> ---

Good catch - as a side note, it would be really cool to get some OSS-Fuzz
runs as a robot for periodic testing. Right now, I don't think anyone
but you / Ben has access to these issues as they pop up. For example, I
can't check the oss-fuzz issue "Permissions Denied."

Acked-by: Aaron Conole <[email protected]>
