On Mon, Nov 24, 2008 at 02:48:07PM +0200, Patrick McHardy wrote:
> Wu Fengguang wrote:
> > On Mon, Nov 24, 2008 at 02:23:16PM +0200, Patrick McHardy wrote:
> >> + /* Avoid bogus warning, gcc doesn't realize do_basic_checks()
> >> + * guarantees that there is at least one SCTP chunk.
> >> + */
> >> + if (unlikely(new_state == SCTP_CONNTRACK_MAX))
> >> + goto out;
> >> +
> >
> > If do_basic_checks() guarantees that, why not Initialize new_state to 0?
>
> Good point. I've replaced the patch by this one:
Thanks!
Fengguang
Content-Description: x
> commit 328bd8997dbb7184d5389e45c642af44ae6e9043
> Author: Patrick McHardy <kaber@xxxxxxxxx>
> Date: Mon Nov 24 13:44:55 2008 +0100
>
> netfilter: nf_conntrack_proto_sctp: avoid bogus warning
>
> net/netfilter/nf_conntrack_proto_sctp.c: In function 'sctp_packet':
> net/netfilter/nf_conntrack_proto_sctp.c:376: warning: array subscript is above array bounds
>
> gcc doesn't realize that do_basic_checks() guarantees that there is
> at least one valid chunk and thus new_state is never SCTP_CONNTRACK_MAX
> after the loop. Initialize to SCTP_CONNTRACK_NONE to avoid the warning.
>
> Based on patch by Wu Fengguang <wfg@xxxxxxxxxxxxxxx>
>
> Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
>
> diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
> index c2bd457..74e0379 100644
> --- a/net/netfilter/nf_conntrack_proto_sctp.c
> +++ b/net/netfilter/nf_conntrack_proto_sctp.c
> @@ -317,7 +317,7 @@ static int sctp_packet(struct nf_conn *ct,
> goto out;
> }
>
> - old_state = new_state = SCTP_CONNTRACK_MAX;
> + old_state = new_state = SCTP_CONNTRACK_NONE;
> write_lock_bh(&sctp_lock);
> for_each_sctp_chunk (skb, sch, _sch, offset, dataoff, count) {
> /* Special cases of Verification tag check (Sec 8.5.1) */
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
