{"id":2232533,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2232533/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260504171201.28383-1-fw@strlen.de/","project":{"id":26,"url":"http://patchwork.ozlabs.org/api/1.1/projects/26/?format=json","name":"Netfilter Development","link_name":"netfilter-devel","list_id":"netfilter-devel.vger.kernel.org","list_email":"netfilter-devel@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null},"msgid":"<20260504171201.28383-1-fw@strlen.de>","date":"2026-05-04T17:11:55","name":"[nft] src: don't write to possible rodata location","commit_ref":null,"pull_url":null,"state":"accepted","archived":true,"hash":"5b3258f9fa1df707a736376aa6f355af9b6466ad","submitter":{"id":1025,"url":"http://patchwork.ozlabs.org/api/1.1/people/1025/?format=json","name":"Florian Westphal","email":"fw@strlen.de"},"delegate":{"id":11902,"url":"http://patchwork.ozlabs.org/api/1.1/users/11902/?format=json","username":"strlen","first_name":"Florian","last_name":"Westphal","email":"fw@strlen.de"},"mbox":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260504171201.28383-1-fw@strlen.de/mbox/","series":[{"id":502699,"url":"http://patchwork.ozlabs.org/api/1.1/series/502699/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=502699","date":"2026-05-04T17:11:55","name":"[nft] src: don't write to possible rodata location","version":1,"mbox":"http://patchwork.ozlabs.org/series/502699/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2232533/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2232533/checks/","tags":{},"headers":{"Return-Path":"\n <netfilter-devel+bounces-12407-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","netfilter-devel@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c09:e001:a7::12fc:5321; helo=sto.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12407-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=91.216.245.30","smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=strlen.de","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=Chamillionaire.breakpoint.cc"],"Received":["from sto.lore.kernel.org (sto.lore.kernel.org\n [IPv6:2600:3c09:e001:a7::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g8Sr113trz1yJ9\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 05 May 2026 03:12:17 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sto.lore.kernel.org (Postfix) with ESMTP id 23E8030071CE\n\tfor <incoming@patchwork.ozlabs.org>; Mon,  4 May 2026 17:12:14 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 5C4963E0C4F;\n\tMon,  4 May 2026 17:12:11 +0000 (UTC)","from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc\n [91.216.245.30])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 80C042D8DDF\n\tfor <netfilter-devel@vger.kernel.org>; Mon,  4 May 2026 17:12:09 +0000 (UTC)","by Chamillionaire.breakpoint.cc (Postfix, from userid 1003)\n\tid 25CEF6079C; Mon, 04 May 2026 19:12:07 +0200 (CEST)"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1777914731; cv=none;\n b=FmovlO1/t4uTtdBb26NQ3htt4RcfITTwy+n3tDIo1V4sqGYvQNocNUvnIoBlvnDiNHwa3Svp8QuWCeRH343pjctLPqNiwDD2K1O4wr3/1s/SrUU99CsSPJRlsokATZGn2v2bYTgT0BN9c9Joq2rBKf0ZmaWeiFMZ5XhpGQPLIlw=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1777914731; c=relaxed/simple;\n\tbh=LPhkfnFT7SqsfrweJPtAI2loEsn0Dp0+XNcysdLsVb4=;\n\th=From:To:Cc:Subject:Date:Message-ID:MIME-Version;\n b=dw4P1klqigVBCejOqgtTXXQctQE7WStDK3AmTVVg4qK7aBMcJCGhad0o/6S2Y7gzNlV7X7WDqFSJhSiSlrTgHafxOHLYCcqs3B8pqM3X0gN9Zh5SkhCnEUr0Fp6GXTOEefn0r9ISLy6PiBuUIrNpGwtVDi1Hut2Bqx3VsSo6Bok=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=strlen.de;\n spf=pass smtp.mailfrom=Chamillionaire.breakpoint.cc;\n arc=none smtp.client-ip=91.216.245.30","From":"Florian Westphal <fw@strlen.de>","To":"<netfilter-devel@vger.kernel.org>","Cc":"Florian Westphal <fw@strlen.de>","Subject":"[PATCH nft] src: don't write to possible rodata location","Date":"Mon,  4 May 2026 19:11:55 +0200","Message-ID":"<20260504171201.28383-1-fw@strlen.de>","X-Mailer":"git-send-email 2.53.0","Precedence":"bulk","X-Mailing-List":"netfilter-devel@vger.kernel.org","List-Id":"<netfilter-devel.vger.kernel.org>","List-Subscribe":"<mailto:netfilter-devel+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:netfilter-devel+unsubscribe@vger.kernel.org>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit"},"content":"seen with gcc-16.0.1:\nsrc/libnftables.c: In function 'nft_ctx_add_var':\nsrc/libnftables.c:153:27: warning: initialization discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]\n153 |         char *separator = strchr(var, '=');\n\nfunction arg says \"const char *\", write to this memory location is not expected.\n\nSigned-off-by: Florian Westphal <fw@strlen.de>\n---\n src/libnftables.c | 12 +++++++++---\n 1 file changed, 9 insertions(+), 3 deletions(-)","diff":"diff --git a/src/libnftables.c b/src/libnftables.c\nindex bc42c32de889..db9ee388adde 100644\n--- a/src/libnftables.c\n+++ b/src/libnftables.c\n@@ -150,21 +150,27 @@ static void nft_exit(struct nft_ctx *ctx)\n EXPORT_SYMBOL(nft_ctx_add_var);\n int nft_ctx_add_var(struct nft_ctx *ctx, const char *var)\n {\n-\tchar *separator = strchr(var, '=');\n+\tconst char *separator = strchr(var, '=');\n \tint pcount = ctx->num_vars;\n \tstruct nft_vars *tmp;\n \tconst char *value;\n+\tsize_t len;\n+\tchar *key;\n \n \tif (!separator)\n \t\treturn -1;\n \n \ttmp = xrealloc(ctx->vars, (pcount + 1) * sizeof(struct nft_vars));\n \n-\t*separator = '\\0';\n \tvalue = separator + 1;\n+\tlen = separator - var;\n+\n+\tkey = xmalloc(len + 1);\n+\tmemcpy(key, var, len);\n+\tkey[len] = '\\0';\n \n \tctx->vars = tmp;\n-\tctx->vars[pcount].key = xstrdup(var);\n+\tctx->vars[pcount].key = key;\n \tctx->vars[pcount].value = xstrdup(value);\n \tctx->num_vars++;\n \n","prefixes":["nft"]}