On Fri, Jul 17, 2020 at 12:06:48PM +0200, Phil Sutter wrote: > Hi Pablo, > > On Wed, Jul 15, 2020 at 08:14:33PM +0200, Pablo Neira Ayuso wrote: > > On Mon, Jul 13, 2020 at 01:15:52PM +0200, Phil Sutter wrote: > > [...] > > > Avoid this warning by declaring 'entries' as an ISO C99 flexible array > > > member. This makes gcc aware of the intended use and enables sanity > > > checking as described in: > > > https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html > > > > > > Signed-off-by: Phil Sutter <phil@xxxxxx> > > > --- > > > include/uapi/linux/netfilter_ipv4/ip_tables.h | 2 +- > > > include/uapi/linux/netfilter_ipv6/ip6_tables.h | 2 +- > > > 2 files changed, 2 insertions(+), 2 deletions(-) > > > > > > diff --git a/include/uapi/linux/netfilter_ipv4/ip_tables.h b/include/uapi/linux/netfilter_ipv4/ip_tables.h > > > index 50c7fee625ae9..1a298cc7a29c1 100644 > > > --- a/include/uapi/linux/netfilter_ipv4/ip_tables.h > > > +++ b/include/uapi/linux/netfilter_ipv4/ip_tables.h > > > @@ -203,7 +203,7 @@ struct ipt_replace { > > > struct xt_counters __user *counters; > > > > > > /* The entries (hang off end: not really an array). */ > > > - struct ipt_entry entries[0]; > > > + struct ipt_entry entries[]; > > > > arpt_replace uses this idiom too. > > Oh, indeed. I focussed on those cases gcc complained about when > compiling iptables. Grepping for '\[0\]' in all of > include/uapi/linux/netfilter* reveals a few more cases. Do you think > it's worth "fixing" those as well? It seems this patch was missing a few spots, right? commit 6daf14140129d30207ed6a0a69851fa6a3636bda Author: Gustavo A. R. Silva <gustavo@xxxxxxxxxxxxxx> Date: Thu Feb 20 07:59:14 2020 -0600 netfilter: Replace zero-length array with flexible-array member Probably Cc: Gustavo to confirm this.
