[ovs-dev] [OVN] Bug: using of uninitialized memory for ic_route_hash.

Ilya Maximets i.maximets at ovn.org
Wed Oct 14 15:14:00 UTC 2020


Hi.

I tried to run OVN under MemorySanitizer and it found that 'nexthop'
that is passed to ic_route_hash() is typically allocated on the stack and
not fully initialized.  'nexthop' has the type 'struct v46_ip', which
contains a union to share space for ipv4 and ipv6 addresses.  If only
ipv4 is initialized, there is plenty of uninitialized space that goes
to hash_bytes(nexthop, sizeof *nexthop, basis).  This might cause
inability to find this nexthop inside the hashmap.

So, 'nexthop' must be fully initialized with memset in order to
avoid such problems.  Another option is to use a single structure
'struct in6_addr' and map the ipv4 address to it with the existing API:
in6_addr_{get,set}_mapped_ipv4/IN6_IS_ADDR_V4MAPPED.

To be honest, I do not understand why 'struct v46_ip' exists, but
that's a bit different story.

Report from MemorySanitizer:

==3074629==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x67177e in mhash_add__ ovs/./lib/hash.h:66:9
    #1 0x671668 in mhash_add ovs/./lib/hash.h:78:12
    #2 0x6701e9 in hash_bytes ovs/lib/hash.c:38:16
    #3 0x524b4a in add_network_to_routes_ad ic/ovn-ic.c:1095:5
    #4 0x51eea3 in route_run ic/ovn-ic.c:1424:21
    #5 0x51887b in main ic/ovn-ic.c:1674:17
    #6 0x7fd4ce7871a2 in __libc_start_main
    #7 0x49c90d in _start (ic/ovn-ic+0x49c90d)

  Uninitialized value was created by an allocation of 'nexthop' in the
  stack frame of function 'add_network_to_routes_ad'
    #0 0x5245f0 in add_network_to_routes_ad ic/ovn-ic.c:1069

Best regards, Ilya Maximets.
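
An added example, not part of the original message or of the OVN code base: it shows why hashing the raw bytes of a partly written union gives unstable keys, and how the two fixes named above (memset before use, or an IPv4-mapped 'struct in6_addr') make the hash depend only on the address. The struct 'v46_ip_demo', the function names, the djb2-style hash used in place of hash_bytes() and the fill bytes that model leftover stack contents are all assumptions made for the example.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>

/* Stand-in for the layout the post describes: a union sharing space for an
 * IPv4 and an IPv6 address. Field names here are assumptions. */
struct v46_ip_demo {
    int family;
    union {
        uint32_t ipv4;
        struct in6_addr ipv6;
    };
};

/* djb2-style byte hash: a stand-in for hash_bytes(), not the OVS hash. */
static uint32_t demo_hash_bytes(const void *p, size_t n, uint32_t basis)
{
    const unsigned char *b = p;
    uint32_t h = 5381u ^ basis;
    while (n--) h = h * 33u + *b++;
    return h;
}

/* Hash an IPv4 nexthop. 'stale' is a constructed fill byte that models
 * leftover stack contents; 'zero_first' applies the memset fix. */
uint32_t hash_v4_nexthop(uint32_t ipv4_be, unsigned char stale, int zero_first)
{
    struct v46_ip_demo nexthop;
    memset(&nexthop, stale, sizeof nexthop);   /* model old stack data */
    if (zero_first) memset(&nexthop, 0, sizeof nexthop);  /* fix from the post */
    nexthop.family = AF_INET;
    nexthop.ipv4 = ipv4_be;                    /* writes 4 of 16 union bytes */
    return demo_hash_bytes(&nexthop, sizeof nexthop, 0);
}

/* Alternative from the post: a single struct in6_addr holding ::ffff:a.b.c.d.
 * Written by hand here instead of calling the OVS helpers. */
uint32_t hash_v4_mapped(uint32_t ipv4_be, unsigned char stale)
{
    struct in6_addr a;
    memset(&a, stale, sizeof a);               /* model old stack data */
    memset(a.s6_addr, 0, 10);
    a.s6_addr[10] = a.s6_addr[11] = 0xff;
    memcpy(&a.s6_addr[12], &ipv4_be, 4);       /* all 16 bytes now defined */
    return demo_hash_bytes(&a, sizeof a, 0);
}
```

With the same IPv4 address, the unfixed variant returns different hashes for different fill bytes, while both fixed variants return one hash regardless of what was on the stack.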

