On Sat, Apr 06, 2019 at 08:26:52AM +0300, Dan Carpenter wrote:
> I believe that "hook->num" can be up to UINT_MAX.  Shifting more than
> 31 bits is undefined in C but in practice it would lead to shift
> wrapping.  That would lead to an array overflow in nf_tables_addchain():
>
>         ops->hook = hook.type->hooks[ops->hooknum];

Applied, thanks.
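The shift wrap described in the quoted message, as an added example that is not part of the original thread and is not the kernel's code. It assumes the hook number is validated against a 32-bit mask of permitted hooks before it is used as a table index; `MAX_HOOKS`, `wrapped_bit`, `slot_unchecked` and `slot_checked` are hypothetical names, and the mask and inputs are constructed.

```c
#include <limits.h>
#include <stdio.h>

#define MAX_HOOKS 8u   /* hypothetical table size, not the kernel's value */

/* Models the wrap: common CPUs use only the low five bits of a 32-bit
 * shift count. The explicit mask keeps this example free of undefined
 * behaviour while reproducing the result the message describes. */
static unsigned int wrapped_bit(unsigned int num)
{
    return 1u << (num & 31u);
}

/* Mask-only validation (assumed shape of the check). Returns the index the
 * caller would use for the table lookup, or -1 if the hook is rejected. */
static long long slot_unchecked(unsigned int hook_mask, unsigned int num)
{
    return (hook_mask & wrapped_bit(num)) ? (long long)num : -1;
}

/* Range check before the shift: the count is always a valid bit index and
 * the returned index is always inside the table. */
static long long slot_checked(unsigned int hook_mask, unsigned int num)
{
    if (num >= MAX_HOOKS)
        return -1;
    return (hook_mask & (1u << num)) ? (long long)num : -1;
}

int main(void)
{
    /* Constructed sample: only hooks 0 and 3 are permitted. */
    unsigned int mask = (1u << 0) | (1u << 3);
    unsigned int nums[] = { 3u, 4u, 35u, UINT_MAX - 28u };

    for (size_t i = 0; i < sizeof(nums) / sizeof(nums[0]); i++)
        printf("num=%u unchecked=%lld checked=%lld\n", nums[i],
               slot_unchecked(mask, nums[i]), slot_checked(mask, nums[i]));
    return 0;
}
```

With mask-only validation, 35 and UINT_MAX - 28 both alias to bit 3 and are accepted as indexes far outside the table; the range check rejects them before the shift is evaluated.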