Coverity reports that ovsdb_idl_txn_extract_mutations() calls
ovsdb_datum_find_key() without checking the return value (as is done
elsewhere 13 out of 15 times) before using the returned position to
index into old_datum->values[pos].
If the key is not found, pos is uninitialized and using it leads to
undefined behavior. Fix by checking the return value and combining
the conditions, only skip the mutation if the key exists and the
value is unchanged.
Fixes: 51946d22274c ("ovsdb-data: Optimize union of sets.")
Signed-off-by: Eelco Chaudron <[email protected]>
---
v3:
- Decoupled checks and added a log message.
---
lib/ovsdb-idl.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/lib/ovsdb-idl.c b/lib/ovsdb-idl.c
index d8094458d..1bc51dd04 100644
--- a/lib/ovsdb-idl.c
+++ b/lib/ovsdb-idl.c
@@ -3054,9 +3054,14 @@ ovsdb_idl_txn_extract_mutations(struct ovsdb_idl_row
*row,
/* Find out if value really changed. */
struct ovsdb_datum *new_datum;
unsigned int pos;
+
new_datum = map_op_datum(map_op);
- ovsdb_datum_find_key(old_datum, &new_datum->keys[0],
- key_type, &pos);
+ if (ovsdb_datum_find_key(old_datum, &new_datum->keys[0],
+ key_type, &pos)) {
+ VLOG_WARN("Trying to update a value for a key that no "
+ "longer exists in the map.");
+ continue;
+ }
if (ovsdb_atom_equals(&new_datum->values[0],
&old_datum->values[pos],
value_type)) {
--
2.52.0
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
