From 0574f71b4b6820cecb8247a6e0269606c8ef2edf Mon Sep 17 00:00:00 2001 From: Ben Pfaff Date: Fri, 4 Mar 2011 13:44:35 -0800 Subject: [PATCH] netdev-port: Fix invalid memory access in netdev_vport_poll_add(). shash_find_data() returns an shash_node's 'data' member, but this code here wants the shash_node itself, so it needs to use shash_find() instead. This bug meant that any attempt to add a single netdev_vport to more than one netdev_monitor would cause a segmentation fault. Here's an example command that reproduces it reliably for me under valgrind (because ofproto always monitors its ports and the bridge monitors bond interfaces): ovs-vsctl -- add-bond br0 bond0 p0 p1 \ -- set interface p0 type=patch options:peer=p1 \ -- set interface p1 type=patch options:peer=p0 Bug #4527. Reported-by: Krishna Miriyala --- lib/netdev-vport.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/netdev-vport.c b/lib/netdev-vport.c index ae043c26..c6d4db89 100644 --- a/lib/netdev-vport.c +++ b/lib/netdev-vport.c @@ -502,7 +502,7 @@ netdev_vport_poll_add(struct netdev *netdev, struct list *list; struct shash_node *shash_node; - shash_node = shash_find_data(&netdev_vport_notifiers, poll_name); + shash_node = shash_find(&netdev_vport_notifiers, poll_name); if (!shash_node) { list = xmalloc(sizeof *list); list_init(list); -- 2.30.2