[ovs-dev] [coverity 01/12] meta-flow: Avoid null pointer dereference in mf_format_frag_string().

Ethan Jackson ethan at nicira.com
Wed Jan 30 00:08:53 UTC 2013


Acked-by: Ethan Jackson <ethan at nicira.com>

On Thu, Jan 24, 2013 at 2:44 PM, Ben Pfaff <blp at nicira.com> wrote:
> The 'maskp' parameter to this function can be NULL, but the function
> always dereferenced it.  This commit fixes the problem.
>
> This commit also fixes the order in which the value and mask were adjusted
> to correctly discard 1-bits outside of FLOW_NW_FRAG_MASK.
>
> Found by Coverity.
>
> Signed-off-by: Ben Pfaff <blp at nicira.com>
> ---
>  lib/meta-flow.c |    9 +++------
>  1 files changed, 3 insertions(+), 6 deletions(-)
>
> diff --git a/lib/meta-flow.c b/lib/meta-flow.c
> index 87887a8..8a92a5c 100644
> --- a/lib/meta-flow.c
> +++ b/lib/meta-flow.c
> @@ -2242,15 +2242,12 @@ mf_format_integer_string(const struct mf_field *mf, const uint8_t *valuep,
>  }
>
>  static void
> -mf_format_frag_string(const uint8_t *valuep, const uint8_t *maskp,
> -                      struct ds *s)
> +mf_format_frag_string(uint8_t value, uint8_t mask, struct ds *s)
>  {
>      const struct frag_handling *h;
> -    uint8_t value = *valuep;
> -    uint8_t mask = *maskp;
>
> -    value &= mask;
>      mask &= FLOW_NW_FRAG_MASK;
> +    value &= mask;
>
>      for (h = all_frags; h < &all_frags[ARRAY_SIZE(all_frags)]; h++) {
>          if (value == h->value && mask == h->mask) {
> @@ -2309,7 +2306,7 @@ mf_format(const struct mf_field *mf,
>          break;
>
>      case MFS_FRAG:
> -        mf_format_frag_string(&value->u8, &mask->u8, s);
> +        mf_format_frag_string(value->u8, mask ? mask->u8 : UINT8_MAX, s);
>          break;
>
>      case MFS_TNL_FLAGS:
> --
> 1.7.2.5
>
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev



More information about the dev mailing list