Smatch reported a possible off-by-one in tcp_validate_cookie(). However, it's false positive because the possible range of mssind is limited from 0 to 3 by the preceding calculation. mssind = (cookie & (3 << 6)) >> 6; Now, the verifier does not complain without the boundary check. Let's remove the checks. Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Closes: https://lore.kernel.org/bpf/6ae12487-d3f1-488b-9514-af0dac96608f@stanley.mountain/ Signed-off-by: Kuniyuki Iwashima <kuniyu@xxxxxxxxxx> --- .../selftests/bpf/progs/test_tcp_custom_syncookie.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/test_tcp_custom_syncookie.c b/tools/testing/selftests/bpf/progs/test_tcp_custom_syncookie.c index 44ee0d037f95..eb5cca1fce16 100644 --- a/tools/testing/selftests/bpf/progs/test_tcp_custom_syncookie.c +++ b/tools/testing/selftests/bpf/progs/test_tcp_custom_syncookie.c @@ -486,17 +486,10 @@ static int tcp_validate_cookie(struct tcp_syncookie *ctx) goto err; mssind = (cookie & (3 << 6)) >> 6; - if (ctx->ipv4) { - if (mssind > ARRAY_SIZE(msstab4)) - goto err; - + if (ctx->ipv4) ctx->attrs.mss = msstab4[mssind]; - } else { - if (mssind > ARRAY_SIZE(msstab6)) - goto err; - + else ctx->attrs.mss = msstab6[mssind]; - } ctx->attrs.snd_wscale = cookie & BPF_SYNCOOKIE_WSCALE_MASK; ctx->attrs.rcv_wscale = ctx->attrs.snd_wscale; -- 2.30.2
