Hello Eric Dumazet,
The patch fbfa743a9d2a: "ipv6: fix ip6_tnl_parse_tlv_enc_lim()" from
Jan 23, 2017, leads to the following static checker warning:
net/ipv6/ip6_tunnel.c:444 ip6_tnl_parse_tlv_enc_lim()
warn: potential pointer math issue ('skb->data' is a 24 bit pointer)
net/ipv6/ip6_tunnel.c
437 while (1) {
438 struct ipv6_tlv_tnl_enc_lim *tel;
439
440 /* No more room for encapsulation limit */
441 if (i + sizeof(*tel) > optlen)
442 break;
443
444 tel = (struct ipv6_tlv_tnl_enc_lim *) skb->data + off + i;
This should be:
tel = (struct ipv6_tlv_tnl_enc_lim *)(skb->data + off + i);
Someone probably already reported this?
445 /* return index of option if found and valid */
446 if (tel->type == IPV6_TLV_TNL_ENCAP_LIMIT &&
447 tel->length == 1)
448 return i + off - nhoff;
449 /* else jump to next option */
450 if (tel->type)
451 i += tel->length + 2;
452 else
453 i++;
454 }
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
