On Mon, Nov 24, 2008 at 02:23:16PM +0200, Patrick McHardy wrote:
> Wu Fengguang wrote:
> >> print some debug info would be better?
> >
> > Like this one?
> > + pr_debug("Empty sctp packet\n");
> >
> > Fengguang
> > ---
> > netfilter: nf_conntrack_sctp: fix build warning
> >
> > net/netfilter/nf_conntrack_proto_sctp.c: In function ‘sctp_packet’:
> > net/netfilter/nf_conntrack_proto_sctp.c:376: warning: array subscript is above array bounds
>
> The warning is bogus, so we don't need a pr_debug() there.
> I've applied your first patch with an unlikely() added and
> a comment stating that the warning is bogus.
Thank you! I was expecting some better solution (and learn a bit) ;-)
> commit a3e2913ffd3dec7f6975f680035670261ad5f56e
> Author: Wu Fengguang <wfg@xxxxxxxxxxxxxxx>
> Date: Mon Nov 24 13:18:00 2008 +0100
>
> netfilter: nf_conntrack_sctp: fix build warning
>
> net/netfilter/nf_conntrack_proto_sctp.c: In function 'sctp_packet':
> net/netfilter/nf_conntrack_proto_sctp.c:376: warning: array subscript is above array bounds
>
> [Patrick; add unlikely and comment stating that the warning is bogus]
>
> Signed-off-by: Wu Fengguang <wfg@xxxxxxxxxxxxxxx>
> Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
>
> diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
> index c2bd457..1259ec6 100644
> --- a/net/netfilter/nf_conntrack_proto_sctp.c
> +++ b/net/netfilter/nf_conntrack_proto_sctp.c
> @@ -373,6 +373,12 @@ static int sctp_packet(struct nf_conn *ct,
> }
> write_unlock_bh(&sctp_lock);
>
> + /* Avoid bogus warning, gcc doesn't realize do_basic_checks()
> + * guarantees that there is at least one SCTP chunk.
> + */
> + if (unlikely(new_state == SCTP_CONNTRACK_MAX))
> + goto out;
> +
If do_basic_checks() guarantees that, why not Initialize new_state to 0?
---
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
index ae8c260..218137d 100644
--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -317,7 +317,11 @@ static int sctp_packet(struct nf_conn *ct,
goto out;
}
- old_state = new_state = SCTP_CONNTRACK_MAX;
+ /* Avoid bogus warning, gcc doesn't realize do_basic_checks()
+ * guarantees that there is at least one SCTP chunk.
+ */
+ old_state = new_state = 0;
+
write_lock_bh(&sctp_lock);
for_each_sctp_chunk (skb, sch, _sch, offset, dataoff, count) {
/* Special cases of Verification tag check (Sec 8.5.1) */
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
