Thanks, applied to master, backported as far as 2.7.
On Fri, Oct 05, 2018 at 03:43:03PM -0700, Yifeng Sun wrote: > This patch should also fix the bug reported at > https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10802 > > On Fri, Oct 5, 2018 at 2:50 PM Yifeng Sun <pkusunyif...@gmail.com> wrote: > > > After ofpbug_put, actions may have been reallocated and > > key will point to invalid memory address. > > > > Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10796 > > Signed-off-by > > <https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10796Signed-off-by>: > > Yifeng Sun <pkusunyif...@gmail.com> > > --- > > lib/odp-util.c | 9 +++++---- > > 1 file changed, 5 insertions(+), 4 deletions(-) > > > > diff --git a/lib/odp-util.c b/lib/odp-util.c > > index 890c71b7f336..7705bb30ae21 100644 > > --- a/lib/odp-util.c > > +++ b/lib/odp-util.c > > @@ -2242,13 +2242,14 @@ parse_odp_action(const char *s, const struct simap > > *port_names, > > key->nla_len += size; > > ofpbuf_put(actions, mask + 1, size); > > > > - /* Add new padding as needed */ > > - ofpbuf_put_zeros(actions, NLA_ALIGN(key->nla_len) - > > - key->nla_len); > > - > > /* 'actions' may have been reallocated by ofpbuf_put(). */ > > nested = ofpbuf_at_assert(actions, start_ofs, sizeof > > *nested); > > nested->nla_type = OVS_ACTION_ATTR_SET_MASKED; > > + > > + key = nested + 1; > > + /* Add new padding as needed */ > > + ofpbuf_put_zeros(actions, NLA_ALIGN(key->nla_len) - > > + key->nla_len); > > } > > } > > ofpbuf_uninit(&maskbuf); > > -- > > 2.7.4 > > > > > _______________________________________________ > dev mailing list > d...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
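Review bot: In the relocated block at the end of the hunk, `key = nested + 1;` re-derives the pointer by plain arithmetic and has no comment of its own, while the existing "'actions' may have been reallocated by ofpbuf_put()" comment still reads as if it covered only `nested`. Extend that comment to say that both `nested` and `key` are refreshed, and consider fetching `key` with `ofpbuf_at_assert(actions, start_ofs + sizeof *nested, sizeof *key)` so the re-derived pointer gets the same bounds check as `nested`. The `ofpbuf_put_zeros()` call that follows can also reallocate 'actions', so both pointers are stale again once it returns; nothing after it in the visible lines uses them, but a one-line comment at that point would keep a later edit from reintroducing the same stale-pointer read. The commit message spells the function "ofpbug_put" where "ofpbuf_put" is meant.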