@@ -459,7 +459,7 @@ static int nft_ipv4_xlate(const void *data, struct xt_xlate *xl)
if (cs->fw.ip.proto != 0) {
const struct protoent *pent =
getprotobynumber(cs->fw.ip.proto);
- char protonum[strlen("255") + 1];
+ char protonum[sizeof("65535")];
if (!xlate_find_match(cs, pent->p_name)) {
snprintf(protonum, sizeof(protonum), "%u",
@@ -416,7 +416,7 @@ static int nft_ipv6_xlate(const void *data, struct xt_xlate *xl)
if (cs->fw6.ipv6.proto != 0) {
const struct protoent *pent =
getprotobynumber(cs->fw6.ipv6.proto);
- char protonum[strlen("255") + 1];
+ char protonum[sizeof("65535")];
if (!xlate_find_match(cs, pent->p_name)) {
snprintf(protonum, sizeof(protonum), "%u",
proto is u16 in the data structure, so this gave: nft-ipv6.c:422:44: warning: '__builtin___snprintf_chk' output may be truncated before the last format character [-Wformat-truncation=] Signed-off-by: Florian Westphal <fw@strlen.de> --- iptables/nft-ipv4.c | 2 +- iptables/nft-ipv6.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)