ofp-util: Fix null pointer dereference in ofputil_pull_buckets().

Found by clang-analyzer.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>

diff --git a/lib/ofp-util.c b/lib/ofp-util.c
index 09e4438..b303653 100644 (file)
--- a/lib/ofp-util.c
+++ b/lib/ofp-util.c
@@ -6978,6 +6978,7 @@ ofputil_pull_buckets(struct ofpbuf *msg, size_t buckets_length,
         if (!ob) {
             VLOG_WARN_RL(&bad_ofmsg_rl, "buckets end with %"PRIuSIZE" leftover bytes",
                          buckets_length);
+            return OFPERR_OFPGMFC_BAD_BUCKET;
         }
 
         ob_len = ntohs(ob->len);