On 07.12.2012 12:10, Dan Carpenter wrote:
> We pass IFLA_BRPORT_MAX to nla_parse_nested() so we need
> IFLA_BRPORT_MAX + 1 elements. Also Smatch complains that we read past
> the end of the array in br_set_port_flag() when it's called with
> IFLA_BRPORT_FAST_LEAVE.
>

I have no clue why nla_parse_nested() needs IFLA_BRPORT_MAX elements,
but the majority of loops look like
for(i=0;i<max;i++)
most programmers will think this way.

So it seems the place to fix is nla_parse_nested(). Not doing so is asking
for trouble (in the long run). At least this function needs a big warning
label that (max-1) is actually needed.

just my two cents,
wh

> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> ---
> v2: Style tweak.
>
> Only needed in linux-next.
>
> diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c > index 850b7d1..cfc5cfe 100644 > --- a/net/bridge/br_netlink.c > +++ b/net/bridge/br_netlink.c > @@ -239,7 +239,7 @@ int br_setlink(struct net_device *dev, struct nlmsghdr *nlh) > struct ifinfomsg *ifm; > struct nlattr *protinfo; > struct net_bridge_port *p; > - struct nlattr *tb[IFLA_BRPORT_MAX]; > + struct nlattr *tb[IFLA_BRPORT_MAX + 1]; > int err; > > ifm = nlmsg_data(nlh);
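
Review bot: The new `tb[IFLA_BRPORT_MAX + 1]` declaration in br_setlink() carries no comment explaining the extra slot, and the reply in this thread shows how readily the size is read as a count instead of a highest index. A short comment at the declaration, for example that the table is indexed by attribute type from 0 to IFLA_BRPORT_MAX inclusive, would keep a later cleanup from shrinking it again. The commit message names br_set_port_flag() and IFLA_BRPORT_FAST_LEAVE as the read Smatch flagged, but neither is visible in this hunk, so it would also help if the message said whether any other table in this file is sized the same way and was checked.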
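
The sizing rule argued over in this thread, shown with a simplified userspace parser. This is an added example, not part of the original mail and not kernel code; `demo_attr`, `demo_parse`, `demo_run` and the `DEMO_*` attribute types are hypothetical. The table is indexed by attribute type and the maximum type is itself a valid index, so the table needs max + 1 slots.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Userspace model of an attribute header; hypothetical names, not kernel code. */
struct demo_attr { uint16_t len; uint16_t type; };  /* len = header + payload */
enum { DEMO_UNSPEC, DEMO_STATE, DEMO_COST, DEMO_FAST_LEAVE, DEMO_END_MARKER };
#define DEMO_MAX (DEMO_END_MARKER - 1)  /* highest valid type (3), not a count */

/* Record each attribute at tb[type] for type <= maxtype, so tb needs
 * maxtype + 1 slots. Returns 0, or -1 on a short table or malformed input. */
static int demo_parse(const uint8_t **tb, size_t tb_slots, int maxtype,
                      const uint8_t *buf, size_t len)
{
    struct demo_attr h;

    if (maxtype < 0 || tb_slots < (size_t)maxtype + 1)
        return -1;                  /* tb[maxtype] would be out of bounds */
    memset(tb, 0, sizeof(*tb) * ((size_t)maxtype + 1));
    while (len >= sizeof(h)) {
        memcpy(&h, buf, sizeof(h));
        if (h.len < sizeof(h) || h.len > len)
            return -1;
        if (h.type <= maxtype)
            tb[h.type] = buf;       /* the index is the type itself */
        size_t step = ((size_t)h.len + 3) & ~(size_t)3;  /* 4-byte alignment */
        if (step >= len)
            break;
        buf += step;
        len -= step;
    }
    return 0;
}

/* Constructed sample: one DEMO_FAST_LEAVE attribute with a 1-byte payload.
 * Returns 1 if it was found at tb[DEMO_MAX], 0 if not, -1 if parsing failed. */
static int demo_run(size_t tb_slots)
{
    const uint8_t *tb[DEMO_MAX + 1];
    uint8_t msg[8] = {0};
    struct demo_attr h = { sizeof(struct demo_attr) + 1, DEMO_FAST_LEAVE };
    memcpy(msg, &h, sizeof(h));
    msg[sizeof(h)] = 1;
    if (demo_parse(tb, tb_slots, DEMO_MAX, msg, sizeof(msg)) != 0)
        return -1;
    return tb[DEMO_MAX] == msg;
}

int main(void) { return !(demo_run(DEMO_MAX + 1) == 1 && demo_run(DEMO_MAX) == -1); }
```

Unlike this model, a parser that is not told the table size cannot refuse an undersized table, which is why the caller's declaration has to carry the + 1.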