[ovs-dev] [PATCH] lib/dpif: Fix crash in format_odp_actions, actions = 0x0

Madhu Challa challa at noironetworks.com
Fri Oct 17 23:07:25 UTC 2014


dpif_flow_get initializes the flow_get part of the union, down the stack
log_flow_message checks for actions || actions_len that could contain
garbage leading to the crash.

saw the crash once when running stress tests. can be easily recreated
by running ovs-dpctl del-flows in a loop when traffic is going on

Signed-off-by: Madhu Challa <challa at noironetworks.com>
---
 lib/dpif.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/dpif.c b/lib/dpif.c
index d088f68..72ae2d4 100644
--- a/lib/dpif.c
+++ b/lib/dpif.c
@@ -840,6 +840,8 @@ dpif_flow_get(struct dpif *dpif,
     struct dpif_op *opp;
     struct dpif_op op;
 
+    memset(&op, 0, sizeof op);
+
     op.type = DPIF_OP_FLOW_GET;
     op.u.flow_get.key = key;
     op.u.flow_get.key_len = key_len;
-- 
1.7.9.5




More information about the dev mailing list