In the event a schema conversion aborts, the cleanup code in
ovsdb_convert() prior to this patch will remove the in-memory
copy of the new database prior to aborting any on-going
transactions in that database, consequently leading to a use after
free and potential crash.
Fixes: 1b1d2e6daa56 ("ovsdb: Introduce experimental support for clustered
databases.")
Signed-off-by: Frode Nordahl <[email protected]>
---
ovsdb/file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ovsdb/file.c b/ovsdb/file.c
index 8bd1d4af3..778b4004b 100644
--- a/ovsdb/file.c
+++ b/ovsdb/file.c
@@ -388,10 +388,10 @@ ovsdb_convert(const struct ovsdb *src, const struct
ovsdb_schema *new_schema,
return NULL;
error:
- ovsdb_destroy(dst);
if (txn) {
ovsdb_txn_abort(txn);
}
+ ovsdb_destroy(dst);
*dstp = NULL;
return error;
}
--
2.40.1
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
