From: Ben Pfaff Date: Thu, 5 Mar 2009 00:48:39 +0000 (-0800) Subject: secchan: Fix random memory corruption due to uninitialized pointer. X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=60822fb1;p=openvswitch secchan: Fix random memory corruption due to uninitialized pointer. The kernel returns flow stats and actions to userspace on flow deletion. By not initializing the odp_flow's "actions" or "n_actions" members we caused it to use whatever happened to be in that space on the stack, which caused random memory corruption. (There is no need to initialize the "stats" member, since it is not read, only written, by the kernel, but by doing so we quiet valgrind.) --- diff --git a/secchan/ofproto.c b/secchan/ofproto.c index 9eb1a269..5626f2e1 100644 --- a/secchan/ofproto.c +++ b/secchan/ofproto.c @@ -2302,7 +2302,10 @@ revalidate_subrule(struct ofproto *p, struct rule *sub) if (super != sub->super) { if (!super) { struct odp_flow odp_flow; + memset(&odp_flow.stats, 0, sizeof odp_flow.stats); odp_flow.key = sub->cr.flow; + odp_flow.actions = NULL; + odp_flow.n_actions = 0; dpif_flow_del(&p->dpif, &odp_flow); classifier_remove(&p->cls, &sub->cr); rule_destroy(sub);