On 28 April 2016 at 18:29, Ansis Atteka wrote:
> On 28 April 2016 at 14:13, Joe Stringer wrote:
>> When decoding the 'note' action, variable-length data could be pushed to
>> a buffer immediately prior to calling ofpact_finish_NOTE(). The
>> ofpbuf_put()
On 29 April 2016 at 09:53, William Tu wrote:
> Looks good to me.
>
>> I had to stop and think a little bit about the ofpact_finish()
>> function's API. It gives freedom to its caller to specify whatever it
>> wants as second 'ofpact' argument. However, at the end of the day
>>
Looks good to me.
I had to stop and think a little bit about the ofpact_finish()
> function's API. It gives freedom to its caller to specify whatever it
> wants as second 'ofpact' argument. However, at the end of the day
> ofpact_finish() asserts if second argument value does not match to the
>
On 28 April 2016 at 14:13, Joe Stringer wrote:
> When decoding the 'note' action, variable-length data could be pushed to
> a buffer immediately prior to calling ofpact_finish_NOTE(). The
> ofpbuf_put() could cause reallocation, in which case the finish call
> could access freed
When decoding the 'note' action, variable-length data could be pushed to
a buffer immediately prior to calling ofpact_finish_NOTE(). The
ofpbuf_put() could cause reallocation, in which case the finish call
could access freed memory. Fix the issue by updating the local pointer
before passing it to