On 4 March 2016 at 17:35, William Tu <u9012...@gmail.com> wrote:
> Address pointed by header_ptr might be free'd due to realloc
> happened at ofpbuf_put_uninit() and ofpbuf_put_hex(). Reported
> by valgrind 379: check TCP flags expression in OXM and NXM.
>
> Invalid write of size 4
> nx_match_from_string_raw (nx-match.c:1510)
> nx_match_from_string (nx-match.c:1538)
> ofctl_parse_nxm__ (ovs-ofctl.c:3325)
> ovs_cmdl_run_command (command-line.c:121)
> main (ovs-ofctl.c:137)
>
> Address 0x7a2cc40 is 0 bytes inside a block of size 64 free'd
> free (vg_replace_malloc.c:530)
> ofpbuf_resize__ (ofpbuf.c:246)
> ofpbuf_put (ofpbuf.c:386)
> ofpbuf_put_hex (ofpbuf.c:414)
> nx_match_from_string_raw (nx-match.c:1488)
> nx_match_from_string (nx-match.c:1538)
> ofctl_parse_nxm__ (ovs-ofctl.c:3325)
>
> Signed-off-by: William Tu <u9012...@gmail.com>

As a general policy, I think it's better to avoid adding pointer arithmetic throughout the codebase where possible. I've proposed a slightly different fix here making use of ofpbuf->header, although I'm not 100% on whether it's fine for this code to overwrite it: http://openvswitch.org/pipermail/dev/2016-March/067313.html
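
The stale-pointer pattern discussed in this thread, as an added example that is not part of the original messages and is not Open vSwitch code: it shows the two ways of surviving a reallocating append (keeping an offset, or letting the buffer rebase a tracked header pointer). `struct gbuf`, `gbuf_put_uninit`, `read_u32` and `encode` are hypothetical names, and the rebasing resize path is an assumption of this model.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct gbuf {               /* hypothetical buffer for this example, not OVS's ofpbuf */
    uint8_t *base;          /* heap block, may move on growth */
    size_t size, allocated; /* bytes in use, bytes allocated */
    void *header;           /* tracked pointer into base, rebased on every move */
};
/* Append n uninitialized bytes. realloc() may move the block and free the old
 * one, so a raw pointer taken before this call can be dangling afterwards. */
static void *gbuf_put_uninit(struct gbuf *b, size_t n)
{
    if (b->size + n > b->allocated) {
        size_t hdr_ofs = b->header ? (size_t)((uint8_t *)b->header - b->base) : 0;
        size_t new_alloc = (b->size + n) * 2;
        uint8_t *new_base = realloc(b->base, new_alloc);
        if (!new_base) abort();
        if (b->header) b->header = new_base + hdr_ofs;  /* rebase tracked pointer */
        b->base = new_base;
        b->allocated = new_alloc;
    }
    b->size += n;
    return b->base + b->size - n;
}

static uint32_t read_u32(const void *p) { uint32_t v; memcpy(&v, p, sizeof v); return v; }

/* Buggy shape (comment only, never executed):
 *     uint32_t *hdr = gbuf_put_uninit(b, 4);
 *     gbuf_put_uninit(b, len);   *hdr = len;    // hdr may point into a freed block
 * encode() patches the length header without holding a raw pointer across the append. */
static uint32_t encode(struct gbuf *b, const void *payload, uint32_t len)
{
    size_t hdr_ofs = b->size;                       /* option A: keep an offset */
    b->header = gbuf_put_uninit(b, sizeof len);     /* option B: tracked pointer */
    memcpy(gbuf_put_uninit(b, len), payload, len);  /* may move b->base */
    memcpy(b->base + hdr_ofs, &len, sizeof len);    /* A: re-derive from base */
    return read_u32(b->header);                     /* B: rebased by the resize path */
}

int main(void)
{
    struct gbuf b = {0};
    uint8_t payload[100] = {0x41};                  /* constructed sample payload */
    int ok = encode(&b, payload, sizeof payload) == 100 && b.header == (void *)b.base;
    free(b.base);
    return !ok;
}
```

Building this with `-fsanitize=address`, or running it under valgrind as in the report above, confirms that neither option touches the freed block.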