From: Ben Pfaff <blp@nicira.com>
Date: Thu, 28 Apr 2011 23:34:56 +0000 (-0700)
Subject: datapath: Avoid freeing wild pointer in corner case.
X-Git-Tag: v1.1.1~10
X-Git-Url: http://git.onelab.eu/?p=sliver-openvswitch.git;a=commitdiff_plain;h=3594990b070f8cd6df9d7693cacb8ff4d91429fe

datapath: Avoid freeing wild pointer in corner case.

In odp_flow_cmd_new_or_set(), if flow_actions_alloc() fails in the "new
flow" case, then flow_put() will kfree() the new flow's 'sf_acts' pointer,
but nothing has initialized that pointer.  Initialize the pointer to NULL
to avoid the problem.

Found by inspection.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
---

diff --git a/datapath/flow.c b/datapath/flow.c
index f264866a7..d670925af 100644
--- a/datapath/flow.c
+++ b/datapath/flow.c
@@ -196,6 +196,7 @@ struct sw_flow *flow_alloc(void)
 
 	spin_lock_init(&flow->lock);
 	atomic_set(&flow->refcnt, 1);
+	flow->sf_acts = NULL;
 	flow->dead = false;
 
 	return flow;