[ovs-git] [openvswitch/ovs] 38876d: ofpbuf: Update msg when resizing ofpbuf.
GitHub
noreply at github.com
Mon Jul 20 17:14:36 UTC 2015
Branch: refs/heads/master
Home: https://github.com/openvswitch/ovs
Commit: 38876d31f2283eaf71f4c8acab4b2dad538019ef
https://github.com/openvswitch/ovs/commit/38876d31f2283eaf71f4c8acab4b2dad538019ef
Author: Alex Wang <alexw at nicira.com>
Date: 2015-07-20 (Mon, 20 Jul 2015)
Changed paths:
M lib/ofpbuf.c
M lib/ofpbuf.h
M tests/.gitignore
M tests/automake.mk
M tests/library.at
A tests/test-ofpbuf.c
Log Message:
-----------
ofpbuf: Update msg when resizing ofpbuf.
Commit 6fd6ed7 (ofpbuf: Simplify ofpbuf API.) introduced the
'header' and 'msg' pointers to 'struct ofpbuf'. However, we
forget to update the 'msg' pointer when resizing ofpbuf.
This bug could cause serious issue. For example, in the function
ofputil_encode_nx_packet_in(), the 'msg' pointer is populated in
ofpraw_alloc_xid() when creating the ofpbuf . Later, the ofpbuf
memory can be reallocated due to the writing to the ofpbuf.
However, since the 'msg' pointer is not updated, the later use of
the 'ofpbuf->msg' will end up writing to either free'ed memory or
memory allocated for other struct.
This commit fixes the bug by always updating the 'header' and
'msg' pointers when the ofpbuf is resized. Also, a simple test
is added.
Signed-off-by: Alex Wang <alexw at nicira.com>
Acked-by: Ben Pfaff <blp at nicira.com>
More information about the git
mailing list