[ovs-dev] [dp-cleanups 2/4] datapath: Avoid freeing wild pointer in corner case.

Ben Pfaff blp at nicira.com
Fri Apr 29 17:07:23 UTC 2011


In odp_flow_cmd_new_or_set(), if flow_actions_alloc() fails in the "new
flow" case, then flow_put() will kfree() the new flow's 'sf_acts' pointer,
but nothing has initialized that pointer.  Initialize the pointer to NULL
to avoid the problem.

Found by inspection.

Signed-off-by: Ben Pfaff <blp at nicira.com>
---
 datapath/flow.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/datapath/flow.c b/datapath/flow.c
index f264866..d670925 100644
--- a/datapath/flow.c
+++ b/datapath/flow.c
@@ -196,6 +196,7 @@ struct sw_flow *flow_alloc(void)
 
 	spin_lock_init(&flow->lock);
 	atomic_set(&flow->refcnt, 1);
+	flow->sf_acts = NULL;
 	flow->dead = false;
 
 	return flow;
-- 
1.7.4.4




More information about the dev mailing list