Message ID | 20160930160559.4102745-1-arnd@arndb.de |
---|---|
State | Changes Requested |
Delegated to: | Pablo Neira |
Headers | show |
On Fri, Sep 30, 2016 at 06:05:34PM +0200, Arnd Bergmann wrote: > The newly added nft_range_eval() function handles the two possible > nft range operations, but as the compiler warning points out, > any unexpected value would lead to the 'mismatch' variable being > used without being initialized: > > net/netfilter/nft_range.c: In function 'nft_range_eval': > net/netfilter/nft_range.c:45:5: error: 'mismatch' may be used uninitialized in this function [-Werror=maybe-uninitialized] > > This can be trivially avoided by added a 'default:' clause. Applied this patch, I took Aaron's and Pai's patches instead. Thanks anyway for following up on this issue Arnd. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, Sep 30, 2016 at 07:47:49PM +0200, Pablo Neira Ayuso wrote: > On Fri, Sep 30, 2016 at 06:05:34PM +0200, Arnd Bergmann wrote: > > The newly added nft_range_eval() function handles the two possible > > nft range operations, but as the compiler warning points out, > > any unexpected value would lead to the 'mismatch' variable being > > used without being initialized: > > > > net/netfilter/nft_range.c: In function 'nft_range_eval': > > net/netfilter/nft_range.c:45:5: error: 'mismatch' may be used uninitialized in this function [-Werror=maybe-uninitialized] > > > > This can be trivially avoided by added a 'default:' clause. > > Applied this patch, I took Aaron's and Pai's patches instead. Looking at this again, I know uninitialized_var() has been discussed as not nice since it can hide bugs behind. But if I fix the existing code to validate priv->op from _init() (this is currently broken), we can probably use this so save extra code in the packet path for a case that is not going to happen. Let me know, thanks! -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/netfilter/nft_range.c b/net/netfilter/nft_range.c index c6d5358482d1..72dff5bffca8 100644 --- a/net/netfilter/nft_range.c +++ b/net/netfilter/nft_range.c @@ -40,6 +40,8 @@ static void nft_range_eval(const struct nft_expr *expr, case NFT_RANGE_NEQ: mismatch = (d1 >= 0 && d2 <= 0); break; + default: + mismatch = 0; } if (mismatch)
The newly added nft_range_eval() function handles the two possible nft range operations, but as the compiler warning points out, any unexpected value would lead to the 'mismatch' variable being used without being initialized: net/netfilter/nft_range.c: In function 'nft_range_eval': net/netfilter/nft_range.c:45:5: error: 'mismatch' may be used uninitialized in this function [-Werror=maybe-uninitialized] This can be trivially avoided by added a 'default:' clause. Fixes: 0f3cd9b36977 ("netfilter: nf_tables: add range expression") Signed-off-by: Arnd Bergmann <arnd@arndb.de> --- net/netfilter/nft_range.c | 2 ++ 1 file changed, 2 insertions(+)