datapath: Avoid freeing wild pointer in corner case.

In odp_flow_cmd_new_or_set(), if flow_actions_alloc() fails in the "new
flow" case, then flow_put() will kfree() the new flow's 'sf_acts' pointer,
but nothing has initialized that pointer.  Initialize the pointer to NULL
to avoid the problem.

Found by inspection.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>

diff --git a/datapath/flow.c b/datapath/flow.c
index f264866a7eef793a107f24f3cd919212528672cd..d670925af436267f33584d89042d2e5f67311d5c 100644 (file)
--- a/datapath/flow.c
+++ b/datapath/flow.c
@@ -196,6 +196,7 @@ struct sw_flow *flow_alloc(void)
 
        spin_lock_init(&flow->lock);
        atomic_set(&flow->refcnt, 1);
+       flow->sf_acts = NULL;
        flow->dead = false;
 
        return flow;