From cc1a2dcbba4dac352a294aef06b0131e6382d5b5 Mon Sep 17 00:00:00 2001
From: Ben Pfaff <blp@nicira.com>
Date: Wed, 4 Sep 2013 12:33:06 -0700
Subject: [PATCH] flow: Fix hypothetical memory leak in miniflow_move().

Ordinarily a miniflow will use its inline_values if its values can fit, but
there is nothing to prevent a small number of values from being stored
in malloc()'d memory.  If this happened, then miniflow_move() would leak
memory.  This commit fixes the problem.

This is a hypothetical problem.  I haven't seen it in practice.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>
---
 lib/flow.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/flow.c b/lib/flow.c
index 0e7c493a0..9ab19617a 100644
--- a/lib/flow.c
+++ b/lib/flow.c
@@ -1141,10 +1141,10 @@ miniflow_clone(struct miniflow *dst, const struct miniflow *src)
 void
 miniflow_move(struct miniflow *dst, struct miniflow *src)
 {
-    int n = miniflow_n_values(src);
-    if (n <= MINI_N_INLINE) {
+    if (src->values == src->inline_values) {
         dst->values = dst->inline_values;
-        memcpy(dst->values, src->values, n * sizeof *dst->values);
+        memcpy(dst->values, src->values,
+               miniflow_n_values(src) * sizeof *dst->values);
     } else {
         dst->values = src->values;
     }
-- 
2.47.0