[ovs-dev] [PATCH v2] Fix a memory allocation bug in CFM

[Ben Pfaff]

On Wed, Sep 04, 2013 at 09:00:12AM -0700, gyang at nicira.com wrote:
> From: Guolin Yang <gyang at nicira.com>
> 
> In cfm, when allocating the rmp array, the size is not calculated correctly
> which cause the remote MPID not correctly updated in ovsdb.
> 
> Signed-off-by: Guolin Yang <gyang at nicira.com>
> ---
> v1->v2
>     Change description of the fix based on Ben's comments

Thanks a lot.  I added some detail about the source of the problem to
the commit message and changed the "sizeof" style to match
CodingStyle, and I'll apply it as follows in a minute.

--8<--------------------------cut here-------------------------->8--

From: Guolin Yang <gyang at nicira.com>
Date: Wed, 4 Sep 2013 09:00:12 -0700
Subject: [PATCH] cfm: Fix a memory allocation bug in cfm_get_remove_mpids().

In cfm, when allocating the rmp array, the size is not calculated correctly
which cause the remote MPID not correctly updated in ovsdb.

This bug was introduced by commit 13b1b2ae70 (cfm: Make the CFM module
thread safe.).

Signed-off-by: Guolin Yang <gyang at nicira.com>
Signed-off-by: Ben Pfaff <blp at nicira.com>
---
 lib/cfm.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/cfm.c b/lib/cfm.c
index 297894e..4a46c05 100644
--- a/lib/cfm.c
+++ b/lib/cfm.c
@@ -862,7 +862,7 @@ cfm_get_remote_mpids(const struct cfm *cfm, uint64_t **rmps, size_t *n_rmps)
     OVS_EXCLUDED(mutex)
 {
     ovs_mutex_lock(&mutex);
-    *rmps = xmemdup(cfm->rmps_array, cfm->rmps_array_len);
+    *rmps = xmemdup(cfm->rmps_array, cfm->rmps_array_len * sizeof **rmps);
     *n_rmps = cfm->rmps_array_len;
     ovs_mutex_unlock(&mutex);
 }
-- 
1.7.10.4