lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20081124125030.GA14047@localhost>
Date:	Mon, 24 Nov 2008 20:50:30 +0800
From:	Wu Fengguang <fengguang.wu@...el.com>
To:	Patrick McHardy <kaber@...sh.net>
Cc:	Wang Chen <wangchen@...fujitsu.com>,
	David Miller <davem@...emloft.net>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	Netfilter Development Mailinglist 
	<netfilter-devel@...r.kernel.org>
Subject: Re: [PATCH] netfilter: nf_conntrack_sctp: fix build warning

On Mon, Nov 24, 2008 at 02:48:07PM +0200, Patrick McHardy wrote:
> Wu Fengguang wrote:
> > On Mon, Nov 24, 2008 at 02:23:16PM +0200, Patrick McHardy wrote:
> >> +	/* Avoid bogus warning, gcc doesn't realize do_basic_checks()
> >> +	 * guarantees that there is at least one SCTP chunk.
> >> +	 */
> >> +	if (unlikely(new_state == SCTP_CONNTRACK_MAX))
> >> +		goto out;
> >> +
> > 
> > If do_basic_checks() guarantees that, why not Initialize new_state to 0?
> 
> Good point. I've replaced the patch by this one:

Thanks!

Fengguang

Content-Description: x
> commit 328bd8997dbb7184d5389e45c642af44ae6e9043
> Author: Patrick McHardy <kaber@...sh.net>
> Date:   Mon Nov 24 13:44:55 2008 +0100
> 
>     netfilter: nf_conntrack_proto_sctp: avoid bogus warning
>     
>     net/netfilter/nf_conntrack_proto_sctp.c: In function 'sctp_packet':
>     net/netfilter/nf_conntrack_proto_sctp.c:376: warning: array subscript is above array bounds
>     
>     gcc doesn't realize that do_basic_checks() guarantees that there is
>     at least one valid chunk and thus new_state is never SCTP_CONNTRACK_MAX
>     after the loop. Initialize to SCTP_CONNTRACK_NONE to avoid the warning.
>     
>     Based on patch by Wu Fengguang <wfg@...ux.intel.com>
>     
>     Signed-off-by: Patrick McHardy <kaber@...sh.net>
> 
> diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
> index c2bd457..74e0379 100644
> --- a/net/netfilter/nf_conntrack_proto_sctp.c
> +++ b/net/netfilter/nf_conntrack_proto_sctp.c
> @@ -317,7 +317,7 @@ static int sctp_packet(struct nf_conn *ct,
>  		goto out;
>  	}
>  
> -	old_state = new_state = SCTP_CONNTRACK_MAX;
> +	old_state = new_state = SCTP_CONNTRACK_NONE;
>  	write_lock_bh(&sctp_lock);
>  	for_each_sctp_chunk (skb, sch, _sch, offset, dataoff, count) {
>  		/* Special cases of Verification tag check (Sec 8.5.1) */

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ