diff options
| author | Ben Pfaff <blp@nicira.com> | 2011-04-28 16:34:56 -0700 |
|---|---|---|
| committer | Ben Pfaff <blp@nicira.com> | 2011-04-29 14:32:01 -0700 |
| commit | 3594990b070f8cd6df9d7693cacb8ff4d91429fe (patch) | |
| tree | 6cabab38c4c9e876c2e4e03e9f834985a4784e83 | |
| parent | fcbd99e69cb74ba1775ab5dc2f62988ba5194e5c (diff) | |
| download | openvswitch-3594990b070f8cd6df9d7693cacb8ff4d91429fe.tar.gz | |
datapath: Avoid freeing wild pointer in corner case.
In odp_flow_cmd_new_or_set(), if flow_actions_alloc() fails in the "new
flow" case, then flow_put() will kfree() the new flow's 'sf_acts' pointer,
but nothing has initialized that pointer. Initialize the pointer to NULL
to avoid the problem.
Found by inspection.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Jesse Gross <jesse@nicira.com>
| -rw-r--r-- | datapath/flow.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/datapath/flow.c b/datapath/flow.c index f264866a7..d670925af 100644 --- a/datapath/flow.c +++ b/datapath/flow.c @@ -196,6 +196,7 @@ struct sw_flow *flow_alloc(void) spin_lock_init(&flow->lock); atomic_set(&flow->refcnt, 1); + flow->sf_acts = NULL; flow->dead = false; return flow; |