Patchwork netfilter 24/29: nf_conntrack_proto_sctp: avoid bogus warning

mail settings
Submitter Patrick McHardy
Date Nov. 27, 2008, 4:15 p.m.
Message ID <20081127161535.13891.23844.sendpatchset@x2.localnet>
Download mbox | patch
Permalink /patch/11232/
State Accepted
Delegated to: David Miller
Headers show


Patrick McHardy - Nov. 27, 2008, 4:15 p.m.
commit 328bd8997dbb7184d5389e45c642af44ae6e9043
Author: Patrick McHardy <>
Date:   Mon Nov 24 13:44:55 2008 +0100

    netfilter: nf_conntrack_proto_sctp: avoid bogus warning
    net/netfilter/nf_conntrack_proto_sctp.c: In function 'sctp_packet':
    net/netfilter/nf_conntrack_proto_sctp.c:376: warning: array subscript is above array bounds
    gcc doesn't realize that do_basic_checks() guarantees that there is
    at least one valid chunk and thus new_state is never SCTP_CONNTRACK_MAX
    after the loop. Initialize to SCTP_CONNTRACK_NONE to avoid the warning.
    Based on patch by Wu Fengguang <>
    Signed-off-by: Patrick McHardy <>

To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at


diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
index c2bd457..74e0379 100644
--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -317,7 +317,7 @@  static int sctp_packet(struct nf_conn *ct,
 		goto out;
-	old_state = new_state = SCTP_CONNTRACK_MAX;
+	old_state = new_state = SCTP_CONNTRACK_NONE;
 	for_each_sctp_chunk (skb, sch, _sch, offset, dataoff, count) {
 		/* Special cases of Verification tag check (Sec 8.5.1) */