Alex Wang authored
Commit 6fd6ed71 (ofpbuf: Simplify ofpbuf API.) introduced the 'header' and 'msg' pointers to 'struct ofpbuf'. However, we forgot to update the 'msg' pointer when resizing ofpbuf.

This bug could cause serious issues. For example, in the function ofputil_encode_nx_packet_in(), the 'msg' pointer is populated in ofpraw_alloc_xid() when creating the ofpbuf. Later, the ofpbuf memory can be reallocated due to the writing to the ofpbuf. However, since the 'msg' pointer is not updated, the later use of the 'ofpbuf->msg' will end up writing to either freed memory or memory allocated for another struct.

This commit fixes the bug by always updating the 'header' and 'msg' pointers when the ofpbuf is resized. Also, a simple test is added.

Signed-off-by: Alex Wang <alexw@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
8dd3f945
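
The bug class described in the commit message, as an added example that is not code from this commit or from Open vSwitch: a growable buffer whose interior pointers are saved as offsets before `realloc()` and rebuilt from the new base afterwards. `struct buf`, `buf_reserve`, `buf_put` and the demo are hypothetical names chosen for this example, and the offset-based rebasing is one way to do the update, not necessarily the one the commit uses.

```c
#include <stdlib.h>
#include <string.h>

struct buf {                            /* hypothetical; not OVS's struct ofpbuf */
    char *base; size_t size, allocated; /* allocation, bytes used, capacity */
    char *header, *msg;                 /* point into base[], or NULL */
};

/* Grow by 'extra' bytes. Interior pointers become offsets before realloc()
 * and are rebuilt from the new base, so they never refer to the old block. */
static int buf_reserve(struct buf *b, size_t extra)
{
    if (extra > (size_t)-1 - b->size) return -1;        /* size overflow */
    if (b->size + extra <= b->allocated) return 0;      /* already fits */
    size_t hdr_off = b->header ? (size_t)(b->header - b->base) : (size_t)-1;
    size_t msg_off = b->msg ? (size_t)(b->msg - b->base) : (size_t)-1;
    char *p = realloc(b->base, b->size + extra);
    if (!p) return -1;              /* old block and pointers are still valid */
    b->base = p;
    b->allocated = b->size + extra;
    b->header = hdr_off != (size_t)-1 ? p + hdr_off : NULL;
    b->msg = msg_off != (size_t)-1 ? p + msg_off : NULL;
    return 0;
}

/* Append n bytes, growing the buffer if needed; returns the copy or NULL. */
static char *buf_put(struct buf *b, const void *data, size_t n)
{
    if (buf_reserve(b, n) != 0) return NULL;
    b->size += n;
    return memcpy(b->base + b->size - n, data, n);
}

/* Constructed scenario: set msg, force a reallocation, then write via msg.
 * Returns 1 if the write landed in the live buffer at the right offset. */
static int demo_msg_survives_resize(void)
{
    static const char payload[4096];
    struct buf b = {0};
    if (!buf_put(&b, "HDR_BODY", 8)) return 0;
    b.header = b.base;
    b.msg = b.base + 4;
    if (!buf_put(&b, payload, sizeof payload)) { free(b.base); return 0; }
    b.msg[0] = 'X';                 /* a stale write if msg were not rebased */
    int ok = b.header == b.base && b.msg == b.base + 4 && b.base[4] == 'X';
    free(b.base);
    return ok;
}

int main(void) { return demo_msg_survives_resize() ? 0 : 1; }
```

Building a variant that skips the rebasing with `-fsanitize=address` makes the stale `msg` write show up as a heap-use-after-free whenever `realloc()` moves the block.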