[ovs-dev] [PATCH 1/2] dpif-netdev: Fix memory leak.
Ed Maste
emaste at freebsd.org
Thu Aug 16 13:51:34 UTC 2012
On 15 August 2012 19:12, Ben Pfaff <blp at nicira.com> wrote:
> upcall->packet is allocated with malloc(), via ofpbuf_new(), but nothing
> ever frees it.
>
> Found by valgrind.
>
> CC: Ed Maste <emaste at freebsd.org>
> Signed-off-by: Ben Pfaff <blp at nicira.com>
> ---
> lib/dpif-netdev.c | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c
> index 7fa2720..3d01b17 100644
> --- a/lib/dpif-netdev.c
> +++ b/lib/dpif-netdev.c
> @@ -966,6 +966,7 @@ dpif_netdev_recv(struct dpif *dpif, struct dpif_upcall *upcall,
>
> ofpbuf_uninit(buf);
> *buf = *upcall->packet;
> + free(upcall->packet);
>
> return 0;
> } else {
> --
> 1.7.2.5
This looks like it results in a use-after-free in dpif_recv which
accesses upcall->packet (which may be a moot point after the 2nd
patch; I'm going to look at it now).
-Ed
More information about the dev
mailing list