[ovs-dev] odp-util: Avoid reading wrong table in generate_all_wildcard_mask().

Message ID 20171127172057.30588-1-blp@ovn.org
State New
Headers show
  • [ovs-dev] odp-util: Avoid reading wrong table in generate_all_wildcard_mask().
Related show

Commit Message

Ben Pfaff Nov. 27, 2017, 5:20 p.m.
These lines of code are intended to copy the 'next' and 'next_max' members
of tbl[type] into local variables 'tbl' and 'max':
            tbl = tbl[type].next;
            max = tbl[type].next_max;
They didn't do it properly because the first line changes 'tbl', so that
the first and seconds lines' references to tbl[type] refer to different

This commit fixes the problem.

Found by libfuzzer.

Reported-by: Bhargava Shastry <bshastry@sec.t-labs.tu-berlin.de>
Signed-off-by: Ben Pfaff <blp@ovn.org>
 lib/odp-util.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)


diff --git a/lib/odp-util.c b/lib/odp-util.c
index 45a890c46aa0..b7b6a2a9a785 100644
--- a/lib/odp-util.c
+++ b/lib/odp-util.c
@@ -3497,8 +3497,9 @@  generate_all_wildcard_mask(const struct attr_len_tbl tbl[], int max,
         size_t nested_mask;
         if (tbl[type].next) {
-            tbl = tbl[type].next;
-            max = tbl[type].next_max;
+            const struct attr_len_tbl *entry = &tbl[type];
+            tbl = entry->next;
+            max = entry->next_max;
         nested_mask = nl_msg_start_nested(ofp, type);