From dd30ff28ca73dfe20e0b0c0e7c58dba485ca0098 Mon Sep 17 00:00:00 2001
From: Ben Pfaff
Date: Thu, 16 Aug 2012 11:33:21 -0700
Subject: [PATCH] ofproto-dpif: Avoid dereferencing possibly null or wild pointer.
If ofpacts_len is 0 then ofpacts->type is a bad reference. (An early draft of ofpacts used an OFPACT_END sentinel so that there was always data there in this function, but in review the sentinel got deleted and I did not notice that this function needed an update.) Found by valgrind. Bug #12847.
Signed-off-by: Ben Pfaff
---
 ofproto/ofproto-dpif.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c
index d66c500e6..ac1a9633e 100644
--- a/ofproto/ofproto-dpif.c
+++ b/ofproto/ofproto-dpif.c
@@ -3794,7 +3794,8 @@ facet_is_controller_flow(struct facet *facet)
 const struct ofpact *ofpacts = rule->ofpacts;
 size_t ofpacts_len = rule->ofpacts_len;
- if (ofpacts->type == OFPACT_CONTROLLER &&
+ if (ofpacts_len > 0 &&
+ ofpacts->type == OFPACT_CONTROLLER &&
 ofpact_next(ofpacts) >= ofpact_end(ofpacts, ofpacts_len)) {
 return true;
 }
-- 
2.43.0
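Review bot: The new `ofpacts_len > 0` test in facet_is_controller_flow() rests on an invariant that only the commit message records: an empty action list has no first element, because there is no OFPACT_END sentinel. A short comment above the condition, for example `/* An empty ofpacts list has no sentinel, so check the length before reading ofpacts->type. */`, would keep a later cleanup from dropping the guard and reintroducing the invalid read. The check also proves only that the length is non-zero, not that a whole `struct ofpact` header is present. It presumably relies on rule->ofpacts always holding complete, validated actions, which is not visible in this hunk. The function's body starts and ends outside the hunk.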