[ovs-dev] [PATCH] ofpbuf: Fix use-after-free in bundle parse.

Ben Pfaff blp at ovn.org
Wed Apr 13 05:00:47 UTC 2016


On Mon, Mar 07, 2016 at 11:12:40AM -0800, Joe Stringer wrote:
> As a separate thing, I was wondering about whether it's worthwhile to
> do something additional to try to avoid this kind of bug in future. A
> couple of ideas:
> * Rearrange the parse/decode functions so that ofpact_finish() is the
> final call within the decode_FOO()/parse_FOO() functions
> * Amend ofpact_finish() to have an additional 'void *localptr'
> parameter, so that the caller has to explicitly consider whether the
> pointer needs to be updated.
> 
> Maybe the former is enough, perhaps + amend the comment above
> ofpact_finish() to make it more explicit that it may reallocate the
> buffer (and therefore invalidate local pointers in the caller
> context).

I came up with an idea:
        http://openvswitch.org/pipermail/dev/2016-April/069508.html
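The hazard the quoted suggestions address, as an added example that is not code from Open vSwitch or from this thread: a toy growable buffer in the style of ofpbuf, a put routine that may reallocate, and a finish routine (here act_finish, a stand-in for ofpact_finish) that appends padding and so may reallocate too. decode_bundle_stale() keeps a pointer into the buffer across the finish call and only reports whether that pointer went stale (it never dereferences it); decode_bundle_safe() re-derives the pointer from the buffer base and a saved offset after the call. The struct names, the 8-byte padding rule and the 14-byte initial allocation are assumptions chosen so that the finish call itself is what triggers the move.

```c
/* Added example, not OVS code: models the "finish() may reallocate" hazard. */
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct ofpbuf_like {        /* assumed stand-in for struct ofpbuf */
    uint8_t *base;
    size_t size;            /* bytes in use */
    size_t allocated;       /* bytes available */
};

struct act_hdr {            /* assumed 8-byte action header */
    uint16_t type;
    uint16_t len;           /* total action length including padding */
    uint32_t arg;           /* e.g. number of slaves in a bundle */
};

static void buf_init(struct ofpbuf_like *b, size_t alloc)
{
    b->base = malloc(alloc);
    b->size = 0;
    b->allocated = alloc;
}

static void buf_uninit(struct ofpbuf_like *b)
{
    free(b->base);
    b->base = NULL;
    b->size = b->allocated = 0;
}

/* Grow by moving to a fresh allocation (the worst case of realloc), so every
 * growth invalidates earlier pointers into the buffer deterministically. */
static void *buf_put_uninit(struct ofpbuf_like *b, size_t n)
{
    if (b->size + n > b->allocated) {
        size_t new_alloc = (b->size + n) * 2;
        uint8_t *fresh = malloc(new_alloc);
        memcpy(fresh, b->base, b->size);
        free(b->base);
        b->base = fresh;
        b->allocated = new_alloc;
    }
    void *p = b->base + b->size;
    b->size += n;
    return p;
}

/* Pad the action that starts at 'start' to a multiple of 8 and set its len.
 * The padding is appended with buf_put_uninit(), so this may reallocate. */
static void act_finish(struct ofpbuf_like *b, size_t start)
{
    size_t len = b->size - start;
    size_t pad = (8 - len % 8) % 8;
    memset(buf_put_uninit(b, pad), 0, pad);
    struct act_hdr *h = (struct act_hdr *)(b->base + start);   /* re-derived */
    h->len = (uint16_t)(b->size - start);
}

static struct act_hdr *put_bundle(struct ofpbuf_like *b, const uint16_t *slaves,
                                  size_t n)
{
    struct act_hdr *a = buf_put_uninit(b, sizeof *a);
    a->type = 1;
    a->len = 0;
    a->arg = 0;
    for (size_t i = 0; i < n; i++) {
        uint16_t *s = buf_put_uninit(b, sizeof *s);
        *s = slaves[i];
    }
    return a;
}

/* BUGGY pattern: 'a' is taken before act_finish(). Returns 1 if the finish
 * call moved the buffer, i.e. writing a->arg afterwards would be a UAF. */
static int decode_bundle_stale(struct ofpbuf_like *b, const uint16_t *slaves,
                               size_t n)
{
    size_t start = b->size;
    uintptr_t before = (uintptr_t)put_bundle(b, slaves, n);
    act_finish(b, start);
    /* the original bug would now do: a->arg = n;  -- through the old pointer */
    return before != (uintptr_t)(b->base + start);
}

/* FIXED pattern: refetch the header from base + offset after act_finish(). */
static uint16_t decode_bundle_safe(struct ofpbuf_like *b, const uint16_t *slaves,
                                   size_t n)
{
    size_t start = b->size;
    put_bundle(b, slaves, n);
    act_finish(b, start);
    struct act_hdr *a = (struct act_hdr *)(b->base + start);
    a->arg = (uint32_t)n;
    return a->len;
}

/* 14 bytes fit the header plus three slaves exactly; the 2 pad bytes force
 * act_finish() to reallocate.  (Constructed input.) */
static const uint16_t demo_slaves[3] = { 1, 2, 3 };

int demo_stale(void)
{
    struct ofpbuf_like b;
    buf_init(&b, 14);
    int stale = decode_bundle_stale(&b, demo_slaves, 3);
    buf_uninit(&b);
    return stale;                       /* 1: pointer invalidated by finish */
}

uint16_t demo_safe(void)
{
    struct ofpbuf_like b;
    buf_init(&b, 14);
    uint16_t len = decode_bundle_safe(&b, demo_slaves, 3);
    buf_uninit(&b);
    return len;                         /* 16: 8 header + 6 slaves + 2 pad */
}

int main(void)
{
    printf("stale after finish: %d, safe len: %u\n", demo_stale(), demo_safe());
    return 0;
}
```

Both of the quoted ideas fall out of this shape: either make the finish call the last statement of the decoder so nothing is written through the old pointer afterwards, or make the caller hand the pointer to finish (or take a fresh one back from it) so the refetch cannot be forgotten.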
