Wu Fengguang wrote:
print some debug info would be better?
Like this one?
+ pr_debug("Empty sctp packet\n");
Fengguang
---
netfilter: nf_conntrack_sctp: fix build warning
net/netfilter/nf_conntrack_proto_sctp.c: In function ‘sctp_packet’:
net/netfilter/nf_conntrack_proto_sctp.c:376: warning: array subscript is above array bounds
The warning is bogus, so we don't need a pr_debug() there.
I've applied your first patch with an unlikely() added and
a comment stating that the warning is bogus.
commit a3e2913ffd3dec7f6975f680035670261ad5f56e
Author: Wu Fengguang <wfg@xxxxxxxxxxxxxxx>
Date: Mon Nov 24 13:18:00 2008 +0100
netfilter: nf_conntrack_sctp: fix build warning
net/netfilter/nf_conntrack_proto_sctp.c: In function 'sctp_packet':
net/netfilter/nf_conntrack_proto_sctp.c:376: warning: array subscript is above array bounds
[Patrick; add unlikely and comment stating that the warning is bogus]
Signed-off-by: Wu Fengguang <wfg@xxxxxxxxxxxxxxx>
Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
index c2bd457..1259ec6 100644
--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -373,6 +373,12 @@ static int sctp_packet(struct nf_conn *ct,
}
write_unlock_bh(&sctp_lock);
+ /* Avoid bogus warning, gcc doesn't realize do_basic_checks()
+ * guarantees that there is at least one SCTP chunk.
+ */
+ if (unlikely(new_state == SCTP_CONNTRACK_MAX))
+ goto out;
+
nf_ct_refresh_acct(ct, ctinfo, skb, sctp_timeouts[new_state]);
if (old_state == SCTP_CONNTRACK_COOKIE_ECHOED &&
