[ovs-dev] [PATCH 01/13] replication: Avoid theoretical use-after-free error in reset_database().

Ben Pfaff blp at ovn.org
Sat Oct 7 00:44:46 UTC 2017


Code that calls ovsdb_txn_row_delete() should avoid referencing the
deleted row again, because it might be freed.  In practice this shouldn't
really happen in this case because of the particular circumstances, but it
costs little to be careful.

Signed-off-by: Ben Pfaff <blp at ovn.org>
---
 ovsdb/replication.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ovsdb/replication.c b/ovsdb/replication.c
index 304212d9d93a..47b0af19bbf6 100644
--- a/ovsdb/replication.c
+++ b/ovsdb/replication.c
@@ -529,8 +529,8 @@ reset_database(struct ovsdb *db)
         /* Delete all rows if the table is not blacklisted. */
         if (!blacklist_tables_find(db->schema->name, table_node->name)) {
             struct ovsdb_table *table = table_node->data;
-            struct ovsdb_row *row;
-            HMAP_FOR_EACH (row, hmap_node, &table->rows) {
+            struct ovsdb_row *row, *next;
+            HMAP_FOR_EACH_SAFE (row, next, hmap_node, &table->rows) {
                 ovsdb_txn_row_delete(txn, row);
             }
         }
-- 
2.10.2



More information about the dev mailing list