[ovs-dev] [PATCH] expr: Properly initialize expr_constant

Yifeng Sun pkusunyifeng at gmail.com
Mon Oct 1 21:28:33 UTC 2018


expr_constant.masked may be uninitialized when its type is EXPR_C_STRING.
This patch fixes this issue.

Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10731
Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
---
 include/ovn/expr.h | 10 +++++++++-
 ovn/lib/expr.c     |  4 ++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/include/ovn/expr.h b/include/ovn/expr.h
index 3995e62f066c..8d3cab399bf0 100644
--- a/include/ovn/expr.h
+++ b/include/ovn/expr.h
@@ -450,7 +450,9 @@ enum expr_constant_type {
     EXPR_C_STRING
 };
 
-/* A string or integer constant (one must know which from context). */
+/* A string or integer constant (one must know which from context).
+ * It should be initialized through expr_constant_init().
+ */
 union expr_constant {
     /* Integer constant.
      *
@@ -469,6 +471,12 @@ union expr_constant {
     char *string;
 };
 
+static inline void
+expr_constant_init(union expr_constant *c)
+{
+    memset(c, 0, sizeof *c);
+}
+
 bool expr_constant_parse(struct lexer *, const struct expr_field *,
                          union expr_constant *);
 void expr_constant_format(const union expr_constant *,
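Review bot: expr_constant_init() is added without a comment saying why the whole union has to be cleared, which is the point of the fix: a caller on the string path only writes `string`, leaving `masked` and `mask` as whatever the allocation held. A comment above the function such as `/* Zeroes all of '*c' so that 'masked' and 'mask' read as false/zero even if only 'string' is assigned afterwards. */` would record that. Because this is a static inline in a header and it calls memset(), the header also needs `#include <string.h>` unless it already pulls it in; the include list is outside this hunk.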
diff --git a/ovn/lib/expr.c b/ovn/lib/expr.c
index 148ac869e861..0a2cef2f0ee9 100644
--- a/ovn/lib/expr.c
+++ b/ovn/lib/expr.c
@@ -805,6 +805,7 @@ parse_constant(struct expr_context *ctx, struct expr_constant_set *cs,
         }
 
         union expr_constant *c = &cs->values[cs->n_values++];
+        expr_constant_init(c);
         c->value = ctx->lexer->token.value;
         c->format = ctx->lexer->token.format;
         c->masked = ctx->lexer->token.type == LEX_T_MASKED_INTEGER;
@@ -1004,6 +1005,7 @@ expr_const_sets_add(struct shash *const_sets, const char *name,
                           values[i], lex.token.type);
             } else {
                 union expr_constant *c = &cs->values[cs->n_values++];
+                expr_constant_init(c);
                 c->value = lex.token.value;
                 c->format = lex.token.format;
                 c->masked = lex.token.type == LEX_T_MASKED_INTEGER;
@@ -1017,6 +1019,7 @@ expr_const_sets_add(struct shash *const_sets, const char *name,
         cs->type = EXPR_C_STRING;
         for (size_t i = 0; i < n_values; i++) {
             union expr_constant *c = &cs->values[cs->n_values++];
+            expr_constant_init(c);
             c->string = xstrdup(values[i]);
         }
     }
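Review bot: Clearing the slot before `c->string = xstrdup(values[i]);` makes `masked` deterministic, but some reader is apparently still consulting `masked` on a constant whose set type is EXPR_C_STRING, that is, through the union member that was not the one stored. That reader is not part of this patch, so this is inferred from the commit message. It would be worth checking the set's `type` at the point of use as well, so that correctness does not depend on expr_constant_init() being called at every construction site. The body of expr_const_sets_add starts and ends outside this hunk.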
@@ -1120,6 +1123,7 @@ expr_parse_primary(struct expr_context *ctx, bool *atomic)
             *atomic = true;
 
             union expr_constant *cst = xzalloc(sizeof *cst);
+            expr_constant_init(cst);
             cst->format = LEX_F_HEXADECIMAL;
             cst->masked = false;
 
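Review bot: The added `expr_constant_init(cst);` is redundant here, because the line above allocates with xzalloc(), which already returns zero-filled memory, and `cst->masked = false;` two lines later sets the same state a third time. Either drop the call in this hunk, or keep it for uniformity and say so with a short comment such as `/* Already zeroed by xzalloc(); kept for consistency with the other construction sites. */`. expr_parse_primary continues outside the hunk.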
-- 
2.7.4


