flow: Fix hypothetical memory leak in miniflow_move().

Ordinarily a miniflow will use its inline_values if its values can fit, but
there is nothing to prevent a small number of values from being stored
in malloc()'d memory.  If this happened, then miniflow_move() would leak
memory.  This commit fixes the problem.

This is a hypothetical problem.  I haven't seen it in practice.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

diff --git a/lib/flow.c b/lib/flow.c
index 0e7c493..9ab1961 100644 (file)
--- a/lib/flow.c
+++ b/lib/flow.c
@@ -1141,10 +1141,10 @@ miniflow_clone(struct miniflow *dst, const struct miniflow *src)
 void
 miniflow_move(struct miniflow *dst, struct miniflow *src)
 {
-    int n = miniflow_n_values(src);
-    if (n <= MINI_N_INLINE) {
+    if (src->values == src->inline_values) {
         dst->values = dst->inline_values;
-        memcpy(dst->values, src->values, n * sizeof *dst->values);
+        memcpy(dst->values, src->values,
+               miniflow_n_values(src) * sizeof *dst->values);
     } else {
         dst->values = src->values;
     }