[ovs-dev] [PATCH] ofp-actions: Avoid assertion failure for clone(ct(...bad actions...)).

Ben Pfaff blp at ovn.org
Fri Aug 17 23:40:15 UTC 2018


On Fri, Aug 17, 2018 at 04:10:00PM -0700, Justin Pettit wrote:
> 
> > On Aug 15, 2018, at 2:57 PM, Ben Pfaff <blp at ovn.org> wrote:
> > 
> > decode_NXAST_RAW_CT() temporarily pulls data off the beginning of its
> > ofpacts output ofpbuf and, on its error path, fails to push it back on.
> > At a higher layer, decode_NXAST_RAW_CLONE() asserts, via
> > ofpact_finish_CLONE(), that the ofpact_clone that it put is still in the
> > place where it put it, which causes an assertion failure.
> > 
> > The root cause here is the failure to re-push the clone header.  One could
> > fix that, but it would be pretty easy for that to go wrong again on some
> > other obscure error path.  Instead, this commit just makes the problem go
> > away by always saving and restoring 'ofpact->data' if a decode fails.
> > 
> > Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9862
> > Signed-off-by: Ben Pfaff <blp at ovn.org>
> 
> Acked-by: Justin Pettit <jpettit at ovn.org>

Thanks.  Applied to master, backported as far as branch-2.7.


More information about the dev mailing list