From 70a8134dbc957f290d148a1985e6961931f41b14 Mon Sep 17 00:00:00 2001 From: Simon Horman Date: Mon, 3 Jun 2013 14:46:30 +0900 Subject: [PATCH] Always use valid ids pointer in dec_ttl_cnt_ids_from_openflow() Always update the ids pointer after calling ofpbuf_put() to ensure that it is valid when accessed. During testing a case came up where the call to ofpbuf_put() in the for (i = 0; i < ids->n_controllers; i++) loop would cause the underlying buffer to be reallocated. This resulted in ids->n_controllers being an incorrect value, the loop continuing on longer than desired and finally a segmentation fault. Reported-by: Joe Stringer Signed-off-by: Simon Horman Signed-off-by: Ben Pfaff --- lib/ofp-actions.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c index 068699f66..e87fefaea 100644 --- a/lib/ofp-actions.c +++ b/lib/ofp-actions.c @@ -209,9 +209,9 @@ dec_ttl_cnt_ids_from_openflow(const struct nx_action_cnt_ids *nac_ids, for (i = 0; i < ids->n_controllers; i++) { uint16_t id = ntohs(((ovs_be16 *)(nac_ids + 1))[i]); ofpbuf_put(out, &id, sizeof id); + ids = out->l2; } - ids = out->l2; ofpact_update_len(out, &ids->ofpact); return 0; -- 2.20.1