[ovs-dev] [PATCH] ofp-print: Fix a memory leak reported by fuzz

Justin Pettit jpettit at ovn.org
Fri Sep 14 20:14:40 UTC 2018 

Thanks for the fix, Yifeng.  I pushed this to master and branch-2.10.  However, after I pushed it, I noticed a couple of issues:

	- There is at least one more code path that would have a similar issue.

	- The description of ofputil_decode_port_stats() states that it only needs to be freed on success.

We could fix both of those issues, but I think the leak happens when an error happens after a successful call to parse_intel_port_custom_property() in ofputil_pull_ofp14_port_stats().  What about something like the incremental patch at the end of this message instead?

--Justin


-=-=-=-=-=-=-=-=-

diff --git a/lib/ofp-port.c b/lib/ofp-port.c
index ec70f46e96bb..3d1ada9ceb99 100644
--- a/lib/ofp-port.c
+++ b/lib/ofp-port.c
@@ -1697,6 +1697,7 @@ ofputil_pull_ofp14_port_stats(struct ofputil_port_stats *ops,
         }
 
         if (error) {
+            netdev_free_custom_stats_counters(&ops->custom_stats);
             return error;
         }
     }
diff --git a/lib/ofp-print.c b/lib/ofp-print.c
index 37d7b8b98c55..e05a969a82b0 100644
--- a/lib/ofp-print.c
+++ b/lib/ofp-print.c
@@ -558,7 +558,6 @@ ofp_print_ofpst_port_reply(struct ds *string, const struct ofp_header *oh,
 
         retval = ofputil_decode_port_stats(&ps, &b);
         if (retval) {
-            netdev_free_custom_stats_counters(&ps.custom_stats);
             return retval != EOF ? retval : 0;
         }
         ofputil_format_port_stats(string, &ps, port_map);



> On Sep 13, 2018, at 6:19 AM, Yifeng Sun <pkusunyifeng at gmail.com> wrote:
> 
> When ofputil_decode_port_stats returns error, it is possible that
> custom_stats_counters is valid and still need freed.
> 
> The fuzz report link is
> https://oss-fuzz.com/testcase?key=5739356233400320
> 
> Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
> ---
> lib/ofp-print.c | 1 +
> 1 file changed, 1 insertion(+)
> 
> diff --git a/lib/ofp-print.c b/lib/ofp-print.c
> index e05a969a82b0..37d7b8b98c55 100644
> --- a/lib/ofp-print.c
> +++ b/lib/ofp-print.c
> @@ -558,6 +558,7 @@ ofp_print_ofpst_port_reply(struct ds *string, const struct ofp_header *oh,
> 
>         retval = ofputil_decode_port_stats(&ps, &b);
>         if (retval) {
> +            netdev_free_custom_stats_counters(&ps.custom_stats);
>             return retval != EOF ? retval : 0;
>         }
>         ofputil_format_port_stats(string, &ps, port_map);
> -- 
> 2.7.4
> 
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev

More information about the dev mailing list