meta-flow: Avoid null pointer dereference in mf_format_frag_string().

The 'maskp' parameter to this function can be NULL, but the function
always dereferenced it.  This commit fixes the problem.

This commit also fixes the order in which the value and mask were adjusted
to correctly discard 1-bits outside of FLOW_NW_FRAG_MASK.

Found by Coverity.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Ethan Jackson <ethan@nicira.com>

1 files changed, 3 insertions, 6 deletions

diff --git a/lib/meta-flow.c b/lib/meta-flow.c
index de11bdf7b..7a639223c 100644
--- a/lib/meta-flow.c
+++ b/lib/meta-flow.c
@@ -2228,15 +2228,12 @@ mf_format_integer_string(const struct mf_field *mf, const uint8_t *valuep,
 }
 
 static void
-mf_format_frag_string(const uint8_t *valuep, const uint8_t *maskp,
-                      struct ds *s)
+mf_format_frag_string(uint8_t value, uint8_t mask, struct ds *s)
 {
     const struct frag_handling *h;
-    uint8_t value = *valuep;
-    uint8_t mask = *maskp;
 
-    value &= mask;
     mask &= FLOW_NW_FRAG_MASK;
+    value &= mask;
 
     for (h = all_frags; h < &all_frags[ARRAY_SIZE(all_frags)]; h++) {
         if (value == h->value && mask == h->mask) {
@@ -2292,7 +2289,7 @@ mf_format(const struct mf_field *mf,
         break;
 
     case MFS_FRAG:
-        mf_format_frag_string(&value->u8, &mask->u8, s);
+        mf_format_frag_string(value->u8, mask ? mask->u8 : UINT8_MAX, s);
         break;
 
     default: