On 3/5/26 1:51 PM, Eelco Chaudron wrote: > Coverity reports that ovsdb_idl_txn_extract_mutations() calls > ovsdb_datum_find_key() without checking the return value (as is done > elsewhere 13 out of 15 times) before using the returned position to > index into old_datum->values[pos]. > > If the key is not found, pos is uninitialized and using it leads to > undefined behavior. Fix by checking the return value and combining > the conditions, only skip the mutation if the key exists and the > value is unchanged.
This message needs an update. Might be worth mentioning also that this condition can only happen in case of a misbehaving application, as the existence of the key was checked before the operation was created. Otherwise, LGTM. Acked-by: Ilya Maximets <[email protected]> > > Fixes: 51946d22274c ("ovsdb-data: Optimize union of sets.") > Signed-off-by: Eelco Chaudron <[email protected]> > --- > > v3: > - Decoupled checks and added a log message. > --- > lib/ovsdb-idl.c | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > > diff --git a/lib/ovsdb-idl.c b/lib/ovsdb-idl.c > index d8094458d..fe90deda7 100644 > --- a/lib/ovsdb-idl.c > +++ b/lib/ovsdb-idl.c > @@ -3054,9 +3054,14 @@ ovsdb_idl_txn_extract_mutations(struct ovsdb_idl_row > *row, > /* Find out if value really changed. */ > struct ovsdb_datum *new_datum; > unsigned int pos; > + > new_datum = map_op_datum(map_op); > - ovsdb_datum_find_key(old_datum, &new_datum->keys[0], > - key_type, &pos); > + if (!ovsdb_datum_find_key(old_datum, &new_datum->keys[0], > + key_type, &pos)) { > + VLOG_WARN("Trying to update a value for a key that > no " > + "longer exists in the map."); > + continue; > + } > if (ovsdb_atom_equals(&new_datum->values[0], > &old_datum->values[pos], > value_type)) { _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
