@@ -188,7 +188,7 @@ dummy_packet_stream_init(struct dummy_packet_stream *s, struct stream *stream)
{
int rxbuf_size = stream ? 2048 : 0;
s->stream = stream;
- dp_packet_init(&s->rxbuf, rxbuf_size);
+ dp_packet_init(&s->rxbuf, MAX(rxbuf_size, ETH_HEADER_LEN));
ovs_list_init(&s->txq);
}
@@ -1149,7 +1149,7 @@ netdev_dummy_send(struct netdev *netdev, int qid OVS_UNUSED,
if (flow.dl_type == htons(ETH_TYPE_ARP)
&& flow.nw_proto == ARP_OP_REQUEST
&& flow.nw_dst == dev->address.s_addr) {
- struct dp_packet *reply = dp_packet_new(0);
+ struct dp_packet *reply = dp_packet_new(ETH_HEADER_LEN);
compose_arp(reply, ARP_OP_REPLY, dev->hwaddr, flow.dl_src,
false, flow.nw_dst, flow.nw_src);
netdev_dummy_queue_packet(dev, reply, NULL, 0);
@@ -1647,7 +1647,7 @@ eth_from_flow_str(const char *s, size_t packet_size,
return NULL;
}
- packet = dp_packet_new(0);
+ packet = dp_packet_new(MAX(packet_size, ETH_HEADER_LEN));
if (packet_size) {
flow_compose(packet, flow, NULL, 0);
if (dp_packet_size(packet) < packet_size) {
@@ -809,7 +809,8 @@ bond_compose_learning_packet(struct bond *bond, const struct eth_addr eth_src,
flow.dl_src = eth_src;
member = choose_output_member(bond, &flow, NULL, vlan);
- packet = dp_packet_new(0);
+ packet = dp_packet_new(2 + ETH_HEADER_LEN + VLAN_HEADER_LEN
+ + ARP_ETH_HEADER_LEN);
compose_rarp(packet, eth_src);
if (vlan) {
eth_push_vlan(packet, htons(ETH_TYPE_VLAN), htons(vlan));
@@ -245,7 +245,7 @@ parse_flow_and_packet(int argc, const char *argv[],
struct dp_packet payload;
memset(&payload, 0, sizeof payload);
- dp_packet_init(&payload, 0);
+ dp_packet_init(&payload, ETH_HEADER_LEN);
if (dp_packet_put_hex(&payload, argv[++i], NULL)[0] != '\0') {
dp_packet_uninit(&payload);
error = xstrdup("Trailing garbage in packet data");
@@ -436,7 +436,7 @@ parse_flow_and_packet(int argc, const char *argv[],
if (generate_packet) {
/* Generate a packet, as requested. */
- packet = dp_packet_new(0);
+ packet = dp_packet_new(ETH_HEADER_LEN);
flow_compose(packet, flow, l7, l7_len);
} else if (packet) {
/* Use the metadata from the flow and the packet argument to
@@ -3490,7 +3490,7 @@ tnl_send_nd_request(struct xlate_ctx *ctx, const struct xport *out_dev,
{
struct dp_packet packet;
- dp_packet_init(&packet, 0);
+ dp_packet_init(&packet, ETH_HEADER_LEN);
compose_nd_ns(&packet, eth_src, ipv6_src, ipv6_dst);
compose_table_xlate(ctx, out_dev, &packet);
dp_packet_uninit(&packet);
@@ -3503,7 +3503,7 @@ tnl_send_arp_request(struct xlate_ctx *ctx, const struct xport *out_dev,
{
struct dp_packet packet;
- dp_packet_init(&packet, 0);
+ dp_packet_init(&packet, ETH_HEADER_LEN);
compose_arp(&packet, ARP_OP_REQUEST,
eth_src, eth_addr_zero, true, ip_src, ip_dst);
@@ -1268,7 +1268,7 @@ check_ct_eventmask(struct dpif_backer *backer)
nl_msg_end_nested(&actions, ct_start);
/* Compose a dummy UDP packet. */
- dp_packet_init(&packet, 0);
+ dp_packet_init(&packet, ETH_HEADER_LEN);
flow_compose(&packet, &flow, NULL, 64);
/* Execute the actions. On older datapaths this fails with EINVAL, on
@@ -1361,7 +1361,7 @@ check_ct_timeout_policy(struct dpif_backer *backer)
nl_msg_end_nested(&actions, ct_start);
/* Compose a dummy UDP packet. */
- dp_packet_init(&packet, 0);
+ dp_packet_init(&packet, ETH_HEADER_LEN);
flow_compose(&packet, &flow, NULL, 64);
/* Execute the actions. On older datapaths this fails with EINVAL, on
@@ -3501,7 +3501,7 @@ send_pdu_cb(void *port_, const void *pdu, size_t pdu_size)
struct dp_packet packet;
void *packet_pdu;
- dp_packet_init(&packet, 0);
+ dp_packet_init(&packet, ETH_HEADER_LEN);
packet_pdu = eth_compose(&packet, eth_addr_lacp, ea, ETH_TYPE_LACP,
pdu_size);
memcpy(packet_pdu, pdu, pdu_size);
@@ -4902,15 +4902,13 @@ ofctl_compose_packet(struct ovs_cmdl_context *ctx)
}
struct dp_packet p;
- memset(&p, 0, sizeof p);
- dp_packet_init(&p, 0);
+ dp_packet_init(&p, ETH_HEADER_LEN);
void *l7 = NULL;
size_t l7_len = 64;
if (ctx->argc > 2) {
struct dp_packet payload;
- memset(&payload, 0, sizeof payload);
- dp_packet_init(&payload, 0);
+ dp_packet_init(&payload, ETH_HEADER_LEN);
if (dp_packet_put_hex(&payload, ctx->argv[2], NULL)[0] != '\0') {
ovs_fatal(0, "%s: trailing garbage in packet data", ctx->argv[2]);
}
UB Sanitizer report: lib/dp-packet.h:297:39: runtime error: applying zero offset to null pointer #0 0x7946f5 in dp_packet_tail /root/ovs/./lib/dp-packet.h:297:39 #1 0x794331 in dp_packet_tailroom /root/ovs/./lib/dp-packet.h:325:49 #2 0x7942a0 in dp_packet_prealloc_tailroom /root/ovs/lib/dp-packet.c:297:16 #3 0xc347cf in eth_compose /root/ovs/lib/packets.c:1061:5 [...] Signed-off-by: Dumitru Ceara <dceara@redhat.com> --- lib/netdev-dummy.c | 6 +++--- ofproto/bond.c | 3 ++- ofproto/ofproto-dpif-trace.c | 4 ++-- ofproto/ofproto-dpif-xlate.c | 4 ++-- ofproto/ofproto-dpif.c | 6 +++--- utilities/ovs-ofctl.c | 6 ++---- 6 files changed, 14 insertions(+), 15 deletions(-)