| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Nov 2008 20:35:16 +0800
From: Wu Fengguang <fengguang.wu@...el.com>
To: Patrick McHardy <kaber@...sh.net>
Cc: Wang Chen <wangchen@...fujitsu.com>,
David Miller <davem@...emloft.net>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
Netfilter Development Mailinglist
<netfilter-devel@...r.kernel.org>
Subject: Re: [PATCH] netfilter: nf_conntrack_sctp: fix build warning
On Mon, Nov 24, 2008 at 02:23:16PM +0200, Patrick McHardy wrote:
> Wu Fengguang wrote:
> >> print some debug info would be better?
> >
> > Like this one?
> > + pr_debug("Empty sctp packet\n");
> >
> > Fengguang
> > ---
> > netfilter: nf_conntrack_sctp: fix build warning
> >
> > net/netfilter/nf_conntrack_proto_sctp.c: In function ‘sctp_packet’:
> > net/netfilter/nf_conntrack_proto_sctp.c:376: warning: array subscript is above array bounds
>
> The warning is bogus, so we don't need a pr_debug() there.
> I've applied your first patch with an unlikely() added and
> a comment stating that the warning is bogus.
Thank you! I was expecting some better solution (and learn a bit) ;-)
> commit a3e2913ffd3dec7f6975f680035670261ad5f56e
> Author: Wu Fengguang <wfg@...ux.intel.com>
> Date: Mon Nov 24 13:18:00 2008 +0100
>
> netfilter: nf_conntrack_sctp: fix build warning
>
> net/netfilter/nf_conntrack_proto_sctp.c: In function 'sctp_packet':
> net/netfilter/nf_conntrack_proto_sctp.c:376: warning: array subscript is above array bounds
>
> [Patrick; add unlikely and comment stating that the warning is bogus]
>
> Signed-off-by: Wu Fengguang <wfg@...ux.intel.com>
> Signed-off-by: Patrick McHardy <kaber@...sh.net>
>
> diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
> index c2bd457..1259ec6 100644
> --- a/net/netfilter/nf_conntrack_proto_sctp.c
> +++ b/net/netfilter/nf_conntrack_proto_sctp.c
> @@ -373,6 +373,12 @@ static int sctp_packet(struct nf_conn *ct,
> }
> write_unlock_bh(&sctp_lock);
>
> + /* Avoid bogus warning, gcc doesn't realize do_basic_checks()
> + * guarantees that there is at least one SCTP chunk.
> + */
> + if (unlikely(new_state == SCTP_CONNTRACK_MAX))
> + goto out;
> +
If do_basic_checks() guarantees that, why not Initialize new_state to 0?
---
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
index ae8c260..218137d 100644
--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -317,7 +317,11 @@ static int sctp_packet(struct nf_conn *ct,
goto out;
}
- old_state = new_state = SCTP_CONNTRACK_MAX;
+ /* Avoid bogus warning, gcc doesn't realize do_basic_checks()
+ * guarantees that there is at least one SCTP chunk.
+ */
+ old_state = new_state = 0;
+
write_lock_bh(&sctp_lock);
for_each_sctp_chunk (skb, sch, _sch, offset, dataoff, count) {
/* Special cases of Verification tag check (Sec 8.5.1) */
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists