[ovs-dev] [PATCH] Always use valid ids pointer in dec_ttl_cnt_ids_from_openflow()

Simon Horman horms at verge.net.au
Mon Jun 3 05:46:30 UTC 2013

Always update the ids pointer after calling ofpbuf_put()
to ensure that it is valid when accessed.

During testing a case came up where the call to ofpbuf_put() in the
for (i = 0; i < ids->n_controllers; i++) loop would cause the underlying
buffer to be reallocated. This resulted in ids->n_controllers being an
incorrect value, the loop continuing on longer than desired and finally a
segmentation fault.

Reported-by: Joe Stringer <joe at wand.net.nz>
Signed-off-by: Simon Horman <horms at verge.net.au>
 lib/ofp-actions.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c
index d9d90ea..a445990 100644
--- a/lib/ofp-actions.c
+++ b/lib/ofp-actions.c
@@ -209,9 +209,9 @@ dec_ttl_cnt_ids_from_openflow(const struct nx_action_cnt_ids *nac_ids,
     for (i = 0; i < ids->n_controllers; i++) {
         uint16_t id = ntohs(((ovs_be16 *)(nac_ids + 1))[i]);
         ofpbuf_put(out, &id, sizeof id);
+        ids = out->l2;
-    ids = out->l2;
     ofpact_update_len(out, &ids->ofpact);
     return 0;

More information about the dev mailing list