From: Ben Pfaff <blp@nicira.com>
Date: Wed, 26 Feb 2014 00:23:29 +0000 (-0800)
Subject: ofproto-dpif-upcall: Fix null dereference in push_dump_ops().
X-Git-Tag: sliver-openvswitch-2.2.90-1~9^2~39
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=66fb5cc769db2267fde2324ee60394ff624ced33;p=sliver-openvswitch.git

ofproto-dpif-upcall: Fix null dereference in push_dump_ops().

revalidator_sweep__() does not provide udumps, so push_dump_ops() can't
look them up.

This is my fault: I introduced it during review.

Signed-off-by: Ben Pfaff <blp@nicira.com>
---

diff --git a/ofproto/ofproto-dpif-upcall.c b/ofproto/ofproto-dpif-upcall.c
index 1622888a3..e4f81a1d5 100644
--- a/ofproto/ofproto-dpif-upcall.c
+++ b/ofproto/ofproto-dpif-upcall.c
@@ -1466,12 +1466,17 @@ push_dump_ops(struct revalidator *revalidator,
     }
 
     for (i = 0; i < n_ops; i++) {
-        struct udpif_key *ukey = ops[i].ukey;
+        struct udpif_key *ukey;
 
-        /* Look up the ukey to prevent double-free in case 'ops' contains a
-         * given ukey more than once (which can happen if the datapath dumps a
-         * given flow more than once). */
-        ukey = ukey_lookup(revalidator, ops[i].udump);
+        /* If there's a udump, this ukey came directly from a datapath flow
+         * dump.  Sometimes a datapath can send duplicates in flow dumps, in
+         * which case we wouldn't want to double-free a ukey, so avoid that by
+         * looking up the ukey again.
+         *
+         * If there's no udump then we know what we're doing. */
+        ukey = (ops[i].udump
+                ? ukey_lookup(revalidator, ops[i].udump)
+                : ops[i].ukey);
         if (ukey) {
             ukey_delete(revalidator, ukey);
         }