[ovs-dev] [PATCH] nx-match: Fix use-after-free parsing matches.
Joe Stringer
joe at ovn.org
Tue Mar 29 21:15:06 UTC 2016
On 23 March 2016 at 06:41, Ben Pfaff <blp at ovn.org> wrote:
> On Mon, Mar 07, 2016 at 11:31:02AM -0800, Joe Stringer wrote:
>> Address pointed by header_ptr might be free'd due to realloc
>> happened in ofpbuf_put_hex(). Reported by valgrind in the test
>> 379: check TCP flags expression in OXM and NXM.
>>
>> Invalid write of size 4
>> nx_match_from_string_raw (nx-match.c:1510)
>> nx_match_from_string (nx-match.c:1538)
>> ofctl_parse_nxm__ (ovs-ofctl.c:3325)
>> ovs_cmdl_run_command (command-line.c:121)
>> main (ovs-ofctl.c:137)
>>
>> Address 0x7a2cc40 is 0 bytes inside a block of size 64 free'd
>> free (vg_replace_malloc.c:530)
>> ofpbuf_resize__ (ofpbuf.c:246)
>> ofpbuf_put (ofpbuf.c:386)
>> ofpbuf_put_hex (ofpbuf.c:414)
>> nx_match_from_string_raw (nx-match.c:1488)
>> nx_match_from_string (nx-match.c:1538)
>> ofctl_parse_nxm__ (ovs-ofctl.c:3325)
>>
>> Reported-by: William Tu <u9012063 at gmail.com>
>> Signed-off-by: Joe Stringer <joe at ovn.org>
>
> Acked-by: Ben Pfaff <blp at ovn.org>
Thanks, applied to master.
More information about the dev
mailing list