Message ID | 20180810194231.23070-1-blp@ovn.org |
---|---|
State | Accepted |
Headers | show |
Series | [ovs-dev] ofp-group: Fix memory leak in error cases parsing group requests. | expand |
> On Aug 10, 2018, at 12:42 PM, Ben Pfaff <blp@ovn.org> wrote: > > Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9424#c4 > Signed-off-by: Ben Pfaff <blp@ovn.org> > --- > lib/ofp-group.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/lib/ofp-group.c b/lib/ofp-group.c > index f6e5242f5244..62cab725efb5 100644 > --- a/lib/ofp-group.c > +++ b/lib/ofp-group.c > @@ -1748,7 +1748,7 @@ ofputil_decode_ofp15_group_desc_reply(struct ofputil_group_desc *gd, > msg, gd->type, OFPGC15_ADD, &gd->props, > length - sizeof *ogds - bucket_list_len); > if (error) { > - ofputil_bucket_list_destroy(&gd->buckets); > + ofputil_uninit_group_desc(gd); This isn't related to this patch per se, but should ofputil_group_properties_destroy() should free "gp->selection_method"? Acked-by: Justin Pettit <jpettit@ovn.org> --Justin
On Fri, Aug 17, 2018 at 04:45:49PM -0700, Justin Pettit wrote: > > > On Aug 10, 2018, at 12:42 PM, Ben Pfaff <blp@ovn.org> wrote: > > > > Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9424#c4 > > Signed-off-by: Ben Pfaff <blp@ovn.org> > > --- > > lib/ofp-group.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/lib/ofp-group.c b/lib/ofp-group.c > > index f6e5242f5244..62cab725efb5 100644 > > --- a/lib/ofp-group.c > > +++ b/lib/ofp-group.c > > @@ -1748,7 +1748,7 @@ ofputil_decode_ofp15_group_desc_reply(struct ofputil_group_desc *gd, > > msg, gd->type, OFPGC15_ADD, &gd->props, > > length - sizeof *ogds - bucket_list_len); > > if (error) { > > - ofputil_bucket_list_destroy(&gd->buckets); > > + ofputil_uninit_group_desc(gd); > > This isn't related to this patch per se, but should > ofputil_group_properties_destroy() should free "gp->selection_method"? No: struct ofputil_group_props { /* NTR selection method */ char selection_method[NTR_MAX_SELECTION_METHOD_LEN]; uint64_t selection_method_param; struct field_array fields; }; > Acked-by: Justin Pettit <jpettit@ovn.org> Thanks, I applied this to master and backported as far as applicable.
diff --git a/lib/ofp-group.c b/lib/ofp-group.c index f6e5242f5244..62cab725efb5 100644 --- a/lib/ofp-group.c +++ b/lib/ofp-group.c @@ -1748,7 +1748,7 @@ ofputil_decode_ofp15_group_desc_reply(struct ofputil_group_desc *gd, msg, gd->type, OFPGC15_ADD, &gd->props, length - sizeof *ogds - bucket_list_len); if (error) { - ofputil_bucket_list_destroy(&gd->buckets); + ofputil_uninit_group_desc(gd); } return error; } @@ -2173,7 +2173,7 @@ ofputil_pull_ofp15_group_mod(struct ofpbuf *msg, enum ofp_version ofp_version, error = parse_ofp15_group_properties(msg, gm->type, gm->command, &gm->props, msg->size); if (error) { - ofputil_bucket_list_destroy(&gm->buckets); + ofputil_uninit_group_mod(gm); } return error; }
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9424#c4 Signed-off-by: Ben Pfaff <blp@ovn.org> --- lib/ofp-group.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)