On 14 Oct 2025, at 11:11, Kevin Traynor wrote:
> On 13/10/2025 13:32, Eelco Chaudron via dev wrote:
>> This patch fixes a potential null pointer dereference reported
>> by Coverity if an null actions list is passed to nl_attr_get()
>> in odp_execute_sample().
>>
>> Fixes: 26c6b6cd2b2e ("dpif-netdev: Implement OVS_ACTION_ATTR_SAMPLE action.")
>> Signed-off-by: Eelco Chaudron <[email protected]>
>> ---
>> v2: Actually check for the actions non-null
>> ---
>> lib/odp-execute.c | 7 +++++++
>> 1 file changed, 7 insertions(+)
>>
>> diff --git a/lib/odp-execute.c b/lib/odp-execute.c
>> index 7f4e337f8..8943db2a5 100644
>> --- a/lib/odp-execute.c
>> +++ b/lib/odp-execute.c
>> @@ -739,6 +739,13 @@ odp_execute_sample(void *dp, struct dp_packet *packet,
>> bool steal,
>> }
>> }
>>
>> + if (!subactions || !nl_attr_get_size(subactions)) {
>> + if (steal) {
>> + dp_packet_delete(packet);
>
> Seems like it needs the coverage counter increased here as well
>
> COVERAGE_INC(datapath_drop_sample_error);
Good catch, I can fold that in when applying. I’ll wait a bit longer to see if
any other comments come in.
Thanks,
Eelco
>> + }
>> + return;
>> + }
>> +
>> if (!steal) {
>> /* The 'subactions' may modify the packet, but the modification
>> * should not propagate beyond this sample action. Make a copy
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
