Wu Fengguang wrote:
On Mon, Nov 24, 2008 at 02:23:16PM +0200, Patrick McHardy wrote:
+ /* Avoid bogus warning, gcc doesn't realize do_basic_checks()
+ * guarantees that there is at least one SCTP chunk.
+ */
+ if (unlikely(new_state == SCTP_CONNTRACK_MAX))
+ goto out;
+
If do_basic_checks() guarantees that, why not Initialize new_state to 0?
Good point. I've replaced the patch by this one:
commit 328bd8997dbb7184d5389e45c642af44ae6e9043
Author: Patrick McHardy <kaber@xxxxxxxxx>
Date: Mon Nov 24 13:44:55 2008 +0100
netfilter: nf_conntrack_proto_sctp: avoid bogus warning
net/netfilter/nf_conntrack_proto_sctp.c: In function 'sctp_packet':
net/netfilter/nf_conntrack_proto_sctp.c:376: warning: array subscript is above array bounds
gcc doesn't realize that do_basic_checks() guarantees that there is
at least one valid chunk and thus new_state is never SCTP_CONNTRACK_MAX
after the loop. Initialize to SCTP_CONNTRACK_NONE to avoid the warning.
Based on patch by Wu Fengguang <wfg@xxxxxxxxxxxxxxx>
Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
index c2bd457..74e0379 100644
--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -317,7 +317,7 @@ static int sctp_packet(struct nf_conn *ct,
goto out;
}
- old_state = new_state = SCTP_CONNTRACK_MAX;
+ old_state = new_state = SCTP_CONNTRACK_NONE;
write_lock_bh(&sctp_lock);
for_each_sctp_chunk (skb, sch, _sch, offset, dataoff, count) {
/* Special cases of Verification tag check (Sec 8.5.1) */
