Print an empty flowtable rather than crashing when dereferencing flowtable->priority.expr (its NULL). Signed-off-by: Florian Westphal <fw@xxxxxxxxx> --- src/rule.c | 15 +++++++++------ .../testcases/bogons/flowtable-no-priority-crash | 6 ++++++ 2 files changed, 15 insertions(+), 6 deletions(-) create mode 100644 tests/shell/testcases/bogons/flowtable-no-priority-crash diff --git a/src/rule.c b/src/rule.c index 172ba1f606e9..4138c21b81bc 100644 --- a/src/rule.c +++ b/src/rule.c @@ -2088,12 +2088,15 @@ static void flowtable_print_declaration(const struct flowtable *flowtable, if (nft_output_handle(octx)) nft_print(octx, " # handle %" PRIu64, flowtable->handle.handle.id); nft_print(octx, "%s", opts->nl); - nft_print(octx, "%s%shook %s priority %s%s", - opts->tab, opts->tab, - hooknum2str(NFPROTO_NETDEV, flowtable->hook.num), - prio2str(octx, priobuf, sizeof(priobuf), NFPROTO_NETDEV, - flowtable->hook.num, flowtable->priority.expr), - opts->stmt_separator); + + if (flowtable->priority.expr) { + nft_print(octx, "%s%shook %s priority %s%s", + opts->tab, opts->tab, + hooknum2str(NFPROTO_NETDEV, flowtable->hook.num), + prio2str(octx, priobuf, sizeof(priobuf), NFPROTO_NETDEV, + flowtable->hook.num, flowtable->priority.expr), + opts->stmt_separator); + } if (flowtable->dev_array_len > 0) { nft_print(octx, "%s%sdevices = { ", opts->tab, opts->tab); diff --git a/tests/shell/testcases/bogons/flowtable-no-priority-crash b/tests/shell/testcases/bogons/flowtable-no-priority-crash new file mode 100644 index 000000000000..b327a2bdd341 --- /dev/null +++ b/tests/shell/testcases/bogons/flowtable-no-priority-crash @@ -0,0 +1,6 @@ +reset rules +table inet filter { + flowtable f { + devices = { lo } + } +} -- 2.41.0
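Review bot: The new `if (flowtable->priority.expr)` guard in flowtable_print_declaration drops the whole `hook … priority …` line, so the hook is suppressed on the strength of the priority pointer alone, and nothing in the code says when that pointer is NULL. A short comment above the guard would record it, e.g. `/* priority.expr is NULL when the flowtable was declared without a hook/priority statement; print nothing for it */` (inferred from the bogon test case, which declares only `devices`). Any other code that hands `flowtable->priority.expr` to `prio2str()` or dereferences it would presumably hit the same NULL on this input; this hunk only guards this one printer, so those paths are worth checking and, if they exist, running against the same test file. The function starts and ends outside the hunk.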