From: Ben Pfaff Date: Thu, 16 Aug 2012 18:33:21 +0000 (-0700) Subject: ofproto-dpif: Avoid dereferencing possibly null or wild pointer. X-Git-Tag: sliver-openvswitch-1.8.90-0~48^2~37 X-Git-Url: http://git.onelab.eu/?p=sliver-openvswitch.git;a=commitdiff_plain;h=dd30ff28ca73dfe20e0b0c0e7c58dba485ca0098 ofproto-dpif: Avoid dereferencing possibly null or wild pointer. If ofpacts_len is 0 then ofpacts->type is a bad reference. (An early draft of ofpacts used an OFPACT_END sentinel so that there was always data there in this function, but in review the sentinel got deleted and I did not notice that this function needed an update.) Found by valgrind. Bug #12847. Signed-off-by: Ben Pfaff --- diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c index d66c500e6..ac1a9633e 100644 --- a/ofproto/ofproto-dpif.c +++ b/ofproto/ofproto-dpif.c @@ -3794,7 +3794,8 @@ facet_is_controller_flow(struct facet *facet) const struct ofpact *ofpacts = rule->ofpacts; size_t ofpacts_len = rule->ofpacts_len; - if (ofpacts->type == OFPACT_CONTROLLER && + if (ofpacts_len > 0 && + ofpacts->type == OFPACT_CONTROLLER && ofpact_next(ofpacts) >= ofpact_end(ofpacts, ofpacts_len)) { return true; }
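
Review bot: In the `if` condition of facet_is_controller_flow(), the new `ofpacts_len > 0` guard protects the `ofpacts->type` read only if two things hold: any nonzero `ofpacts_len` covers at least one whole `struct ofpact`, and a null or unset `rule->ofpacts` always comes with a length of 0. Neither assumption is stated in the hunk. A short comment above the condition saying why an empty action list is possible here (there is no end-of-list sentinel) would help the next reader, or the test could be written as `ofpacts_len >= sizeof *ofpacts` to make the bound explicit. Since the commit message says the sentinel was dropped in review and this function was missed, it is also worth checking whether other code reads `ofpacts->type` before looking at the length and needs the same guard.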