From 60822fb14f547eadb3b08a52da68a6ae3913808f Mon Sep 17 00:00:00 2001
From: Ben Pfaff
Date: Wed, 4 Mar 2009 16:48:39 -0800
Subject: [PATCH] secchan: Fix random memory corruption due to uninitialized pointer.

The kernel returns flow stats and actions to userspace on flow deletion. By not initializing the odp_flow's "actions" or "n_actions" members we caused it to use whatever happened to be in that space on the stack, which caused random memory corruption. (There is no need to initialize the "stats" member, since it is not read, only written, by the kernel, but by doing so we quiet valgrind.)
---
 secchan/ofproto.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/secchan/ofproto.c b/secchan/ofproto.c
index 9eb1a269..5626f2e1 100644
--- a/secchan/ofproto.c
+++ b/secchan/ofproto.c
@@ -2302,7 +2302,10 @@ revalidate_subrule(struct ofproto *p, struct rule *sub)
 if (super != sub->super) {
 if (!super) {
 struct odp_flow odp_flow;
+ memset(&odp_flow.stats, 0, sizeof odp_flow.stats);
 odp_flow.key = sub->cr.flow;
+ odp_flow.actions = NULL;
+ odp_flow.n_actions = 0;
 dpif_flow_del(&p->dpif, &odp_flow);
 classifier_remove(&p->cls, &sub->cr);
 rule_destroy(sub);
--
2.30.2
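Review bot: The added lines initialize `stats`, `actions` and `n_actions` one member at a time, so any other member of `struct odp_flow` (its definition is not visible in this hunk) and any padding would still carry stack contents into `dpif_flow_del()`. Zeroing the whole object before filling it in, `memset(&odp_flow, 0, sizeof odp_flow);` followed by `odp_flow.key = sub->cr.flow;`, removes that class of bug and stays correct if the struct later gains a field that the kernel reads or writes through. A short comment above the initialization, for example `/* The kernel copies stats and actions back on deletion, so 'actions' must not be stack garbage. */`, would keep the reason next to the code rather than only in the commit message. The return value of `dpif_flow_del()` is also discarded on the unchanged line that follows, which may be deliberate best-effort but is worth stating. The body of revalidate_subrule starts and ends outside the hunk.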