Hi Pablo, On Wed, Jul 15, 2020 at 08:14:33PM +0200, Pablo Neira Ayuso wrote: > On Mon, Jul 13, 2020 at 01:15:52PM +0200, Phil Sutter wrote: > [...] > > Avoid this warning by declaring 'entries' as an ISO C99 flexible array > > member. This makes gcc aware of the intended use and enables sanity > > checking as described in: > > https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html > > > > Signed-off-by: Phil Sutter <phil@xxxxxx> > > --- > > include/uapi/linux/netfilter_ipv4/ip_tables.h | 2 +- > > include/uapi/linux/netfilter_ipv6/ip6_tables.h | 2 +- > > 2 files changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/include/uapi/linux/netfilter_ipv4/ip_tables.h b/include/uapi/linux/netfilter_ipv4/ip_tables.h > > index 50c7fee625ae9..1a298cc7a29c1 100644 > > --- a/include/uapi/linux/netfilter_ipv4/ip_tables.h > > +++ b/include/uapi/linux/netfilter_ipv4/ip_tables.h > > @@ -203,7 +203,7 @@ struct ipt_replace { > > struct xt_counters __user *counters; > > > > /* The entries (hang off end: not really an array). */ > > - struct ipt_entry entries[0]; > > + struct ipt_entry entries[]; > > arpt_replace uses this idiom too. Oh, indeed. I focussed on those cases gcc complained about when compiling iptables. Grepping for '\[0\]' in all of include/uapi/linux/netfilter* reveals a few more cases. Do you think it's worth "fixing" those as well? Thanks, Phil
