[ovs-dev] [PATCH] ofp-print: Fix a memory leak reported by fuzz
Justin Pettit
jpettit at ovn.org
Fri Sep 14 20:14:40 UTC 2018
Thanks for the fix, Yifeng. I pushed this to master and branch-2.10. However, after I pushed it, I noticed a couple of issues:
- There is at least one more code path that would have a similar issue.
- The description of ofputil_decode_port_stats() states that it only needs to be freed on success.
We could fix both of those issues, but I think the leak happens when an error happens after a successful call to parse_intel_port_custom_property() in ofputil_pull_ofp14_port_stats(). What about something like the incremental patch at the end of this message instead?
--Justin
-=-=-=-=-=-=-=-=-
diff --git a/lib/ofp-port.c b/lib/ofp-port.c
index ec70f46e96bb..3d1ada9ceb99 100644
--- a/lib/ofp-port.c
+++ b/lib/ofp-port.c
@@ -1697,6 +1697,7 @@ ofputil_pull_ofp14_port_stats(struct ofputil_port_stats *ops,
}
if (error) {
+ netdev_free_custom_stats_counters(&ops->custom_stats);
return error;
}
}
diff --git a/lib/ofp-print.c b/lib/ofp-print.c
index 37d7b8b98c55..e05a969a82b0 100644
--- a/lib/ofp-print.c
+++ b/lib/ofp-print.c
@@ -558,7 +558,6 @@ ofp_print_ofpst_port_reply(struct ds *string, const struct ofp_header *oh,
retval = ofputil_decode_port_stats(&ps, &b);
if (retval) {
- netdev_free_custom_stats_counters(&ps.custom_stats);
return retval != EOF ? retval : 0;
}
ofputil_format_port_stats(string, &ps, port_map);
> On Sep 13, 2018, at 6:19 AM, Yifeng Sun <pkusunyifeng at gmail.com> wrote:
>
> When ofputil_decode_port_stats returns error, it is possible that
> custom_stats_counters is valid and still need freed.
>
> The fuzz report link is
> https://oss-fuzz.com/testcase?key=5739356233400320
>
> Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
> ---
> lib/ofp-print.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/lib/ofp-print.c b/lib/ofp-print.c
> index e05a969a82b0..37d7b8b98c55 100644
> --- a/lib/ofp-print.c
> +++ b/lib/ofp-print.c
> @@ -558,6 +558,7 @@ ofp_print_ofpst_port_reply(struct ds *string, const struct ofp_header *oh,
>
> retval = ofputil_decode_port_stats(&ps, &b);
> if (retval) {
> + netdev_free_custom_stats_counters(&ps.custom_stats);
> return retval != EOF ? retval : 0;
> }
> ofputil_format_port_stats(string, &ps, port_map);
> --
> 2.7.4
>
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
More information about the dev
mailing list