[ovs-dev] [PATCH] ofctl_parse_target: Fix a bug that uses incomplete ofputil_flow_mod data

Yifeng Sun pkusunyifeng at gmail.com
Thu Oct 25 23:17:23 UTC 2018


When parse_ofp_flow_mod_str returns error, `fm` is incomplete and pointers
in it may be null, e.g. fm.match.flow. In this case, passing it to
ofctl_parse_flows__ may cause pointer errors because ofctl_parse_flows__
expects a valid input of type struct ofputil_flow_mod.

Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11110
Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
---
 tests/oss-fuzz/ofctl_parse_target.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tests/oss-fuzz/ofctl_parse_target.c b/tests/oss-fuzz/ofctl_parse_target.c
index 29f89f9b53eb..13d0899dbbae 100644
--- a/tests/oss-fuzz/ofctl_parse_target.c
+++ b/tests/oss-fuzz/ofctl_parse_target.c
@@ -58,8 +58,9 @@ ofctl_parse_flow(const char *input, int command)
                                    command, &usable_protocols);
     if (error) {
         printf("Error encountered: %s\n", error);
+    } else {
+        ofctl_parse_flows__(&fm, 1, usable_protocols);
     }
-    ofctl_parse_flows__(&fm, 1, usable_protocols);
 }
 
 int
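Review bot: In the `if (error)` branch the message is printed but `error` is not released anywhere in the visible lines. If parse_ofp_flow_mod_str returns a heap-allocated string (the usual OVS convention for `char *` error returns, assumed here since the function body is not shown), every rejected input leaks it, and a leak-checking fuzzer build would report that as a separate finding. Consider adding `free(error);` after the `printf`. A one-line comment on the `else` branch stating that `fm` is only valid when parsing succeeded would also keep a later refactor from moving the `ofctl_parse_flows__(&fm, 1, usable_protocols);` call back outside the check.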
-- 
2.7.4


