[ovs-dev,03/10] dpif-netdev: Handle uninitialized value error for 'match.wc'
diff mbox series

Message ID 1568236716-18105-3-git-send-email-pkusunyifeng@gmail.com
State New
Headers show
Series
  • [ovs-dev,01/10] raft: Free leaked json data
Related show

Commit Message

Yifeng Sun Sept. 11, 2019, 9:18 p.m. UTC
Valgrind reported that match.wc was not initialized, as below:

1176: ofproto-dpif - fragment handling - actions

==21214== Conditional jump or move depends on uninitialised value(s)
==21214==    at 0x4B77C1: odp_flow_key_from_flow__ (odp-util.c:6143)
==21214==    by 0x46DB58: dp_netdev_upcall (dpif-netdev.c:6239)
==21214==    by 0x4774A7: handle_packet_upcall (dpif-netdev.c:6608)
==21214==    by 0x4774A7: fast_path_processing (dpif-netdev.c:6726)
==21214==    by 0x47933C: dp_netdev_input__ (dpif-netdev.c:6814)
==21214==    by 0x479AB8: dp_netdev_input (dpif-netdev.c:6852)
==21214==    by 0x479AB8: dp_netdev_process_rxq_port (dpif-netdev.c:4287)
==21214==    by 0x47A6A9: dpif_netdev_run (dpif-netdev.c:5264)
==21214==    by 0x4324E7: type_run (ofproto-dpif.c:342)
==21214==    by 0x41C5FE: ofproto_type_run (ofproto.c:1734)
==21214==    by 0x40BAAC: bridge_run__ (bridge.c:2965)
==21214==    by 0x410CF3: bridge_run (bridge.c:3029)
==21214==    by 0x407614: main (ovs-vswitchd.c:127)
==21214==  Uninitialised value was created by a stack allocation
==21214==    at 0x4769C3: fast_path_processing (dpif-netdev.c:6672)

'match' is allocated on stack but its 'wc' is accessed in
odp_flow_key_from_flow__ without proper initialization.
This patch fixes it.

Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
---
 lib/dpif-netdev.c | 1 +
 1 file changed, 1 insertion(+)

Comments

William Tu Sept. 17, 2019, 4:26 p.m. UTC | #1
On Wed, Sep 11, 2019 at 02:18:29PM -0700, Yifeng Sun wrote:
> Valgrind reported that match.wc was not initialized, as below:
> 
> 1176: ofproto-dpif - fragment handling - actions
> 
> ==21214== Conditional jump or move depends on uninitialised value(s)
> ==21214==    at 0x4B77C1: odp_flow_key_from_flow__ (odp-util.c:6143)
> ==21214==    by 0x46DB58: dp_netdev_upcall (dpif-netdev.c:6239)
> ==21214==    by 0x4774A7: handle_packet_upcall (dpif-netdev.c:6608)
> ==21214==    by 0x4774A7: fast_path_processing (dpif-netdev.c:6726)
> ==21214==    by 0x47933C: dp_netdev_input__ (dpif-netdev.c:6814)
> ==21214==    by 0x479AB8: dp_netdev_input (dpif-netdev.c:6852)
> ==21214==    by 0x479AB8: dp_netdev_process_rxq_port (dpif-netdev.c:4287)
> ==21214==    by 0x47A6A9: dpif_netdev_run (dpif-netdev.c:5264)
> ==21214==    by 0x4324E7: type_run (ofproto-dpif.c:342)
> ==21214==    by 0x41C5FE: ofproto_type_run (ofproto.c:1734)
> ==21214==    by 0x40BAAC: bridge_run__ (bridge.c:2965)
> ==21214==    by 0x410CF3: bridge_run (bridge.c:3029)
> ==21214==    by 0x407614: main (ovs-vswitchd.c:127)
> ==21214==  Uninitialised value was created by a stack allocation
> ==21214==    at 0x4769C3: fast_path_processing (dpif-netdev.c:6672)
> 
> 'match' is allocated on stack but its 'wc' is accessed in
> odp_flow_key_from_flow__ without proper initialization.
> This patch fixes it.
> 
> Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
LGTM
Acked-by: William Tu <u9012063@gmail.com>

> ---
>  lib/dpif-netdev.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c
> index a88a78f8a688..6be6e47ed127 100644
> --- a/lib/dpif-netdev.c
> +++ b/lib/dpif-netdev.c
> @@ -6600,6 +6600,7 @@ handle_packet_upcall(struct dp_netdev_pmd_thread *pmd,
>  
>      match.tun_md.valid = false;
>      miniflow_expand(&key->mf, &match.flow);
> +    memset(&match.wc, 0, sizeof match.wc);
>  
>      ofpbuf_clear(actions);
>      ofpbuf_clear(put_actions);
> -- 
> 2.7.4
> 
> _______________________________________________
> dev mailing list
> dev@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Patch
diff mbox series

diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c
index a88a78f8a688..6be6e47ed127 100644
--- a/lib/dpif-netdev.c
+++ b/lib/dpif-netdev.c
@@ -6600,6 +6600,7 @@  handle_packet_upcall(struct dp_netdev_pmd_thread *pmd,
 
     match.tun_md.valid = false;
     miniflow_expand(&key->mf, &match.flow);
+    memset(&match.wc, 0, sizeof match.wc);
 
     ofpbuf_clear(actions);
     ofpbuf_clear(put_actions);