diff options
author | Simon Horman <horms@verge.net.au> | 2013-06-03 14:46:30 +0900 |
---|---|---|
committer | Ben Pfaff <blp@nicira.com> | 2013-06-04 10:26:00 -0700 |
commit | 7dc070abb344e9183ca0b78b7146e1cbfbd5d03c (patch) | |
tree | c5fc76aae761d88348a7101f804fb372bfb42066 /lib | |
parent | 6801651803de64a99779492e177e203d0057e134 (diff) |
Always use valid ids pointer in dec_ttl_cnt_ids_from_openflow()
Always update the ids pointer after calling ofpbuf_put()
to ensure that it is valid when accessed.
During testing a case came up where the call to ofpbuf_put() in the
for (i = 0; i < ids->n_controllers; i++) loop would cause the underlying
buffer to be reallocated. This resulted in ids->n_controllers being an
incorrect value, the loop continuing on longer than desired and finally a
segmentation fault.
Reported-by: Joe Stringer <joe@wand.net.nz>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ofp-actions.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c index a439d138..6a20ea00 100644 --- a/lib/ofp-actions.c +++ b/lib/ofp-actions.c @@ -210,9 +210,9 @@ dec_ttl_cnt_ids_from_openflow(const struct nx_action_cnt_ids *nac_ids, for (i = 0; i < ids->n_controllers; i++) { uint16_t id = ntohs(((ovs_be16 *)(nac_ids + 1))[i]); ofpbuf_put(out, &id, sizeof id); + ids = out->l2; } - ids = out->l2; ofpact_update_len(out, &ids->ofpact); return 0; |