Re: [PATCH] netfilter: nf_conntrack_sctp: fix build warning

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Nov 24, 2008 at 02:23:16PM +0200, Patrick McHardy wrote:
> Wu Fengguang wrote:
> >> print some debug info would be better?
> > 
> > Like this one?
> > +		pr_debug("Empty sctp packet\n");
> > 
> > Fengguang
> > ---
> > netfilter: nf_conntrack_sctp: fix build warning
> > 
> > net/netfilter/nf_conntrack_proto_sctp.c: In function ‘sctp_packet’:
> > net/netfilter/nf_conntrack_proto_sctp.c:376: warning: array subscript is above array bounds
> 
> The warning is bogus, so we don't need a pr_debug() there.
> I've applied your first patch with an unlikely() added and
> a comment stating that the warning is bogus.

Thank you! I was expecting some better solution (and learn a bit) ;-)

> commit a3e2913ffd3dec7f6975f680035670261ad5f56e
> Author: Wu Fengguang <wfg@xxxxxxxxxxxxxxx>
> Date:   Mon Nov 24 13:18:00 2008 +0100
> 
>     netfilter: nf_conntrack_sctp: fix build warning
>     
>     net/netfilter/nf_conntrack_proto_sctp.c: In function 'sctp_packet':
>     net/netfilter/nf_conntrack_proto_sctp.c:376: warning: array subscript is above array bounds
>     
>     [Patrick; add unlikely and comment stating that the warning is bogus]
>     
>     Signed-off-by: Wu Fengguang <wfg@xxxxxxxxxxxxxxx>
>     Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
> 
> diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
> index c2bd457..1259ec6 100644
> --- a/net/netfilter/nf_conntrack_proto_sctp.c
> +++ b/net/netfilter/nf_conntrack_proto_sctp.c
> @@ -373,6 +373,12 @@ static int sctp_packet(struct nf_conn *ct,
>  	}
>  	write_unlock_bh(&sctp_lock);
>  
> +	/* Avoid bogus warning, gcc doesn't realize do_basic_checks()
> +	 * guarantees that there is at least one SCTP chunk.
> +	 */
> +	if (unlikely(new_state == SCTP_CONNTRACK_MAX))
> +		goto out;
> +

If do_basic_checks() guarantees that, why not Initialize new_state to 0?

---
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
index ae8c260..218137d 100644
--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -317,7 +317,11 @@ static int sctp_packet(struct nf_conn *ct,
 		goto out;
 	}
 
-	old_state = new_state = SCTP_CONNTRACK_MAX;
+	/* Avoid bogus warning, gcc doesn't realize do_basic_checks()
+	 * guarantees that there is at least one SCTP chunk.
+	 */
+	old_state = new_state = 0;
+
 	write_lock_bh(&sctp_lock);
 	for_each_sctp_chunk (skb, sch, _sch, offset, dataoff, count) {
 		/* Special cases of Verification tag check (Sec 8.5.1) */
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux