@@ -32,8 +32,9 @@ void xt_stmt_xlate(const struct stmt *stmt)
switch (stmt->xt.type) {
case NFT_XT_MATCH:
- if (stmt->xt.match == NULL && stmt->xt.opts) {
- printf("%s", stmt->xt.opts);
+ if (stmt->xt.match == NULL) {
+ if (stmt->xt.opts)
+ printf("%s", stmt->xt.opts);
} else if (stmt->xt.match->xlate) {
struct xt_xlate_mt_params params = {
.ip = stmt->xt.entry,
@@ -51,8 +52,9 @@ void xt_stmt_xlate(const struct stmt *stmt)
break;
case NFT_XT_WATCHER:
case NFT_XT_TARGET:
- if (stmt->xt.target == NULL && stmt->xt.opts) {
- printf("%s", stmt->xt.opts);
+ if (stmt->xt.target == NULL) {
+ if (stmt->xt.opts)
+ printf("%s", stmt->xt.opts);
} else if (stmt->xt.target->xlate) {
struct xt_xlate_tg_params params = {
.ip = stmt->xt.entry,
This does not fix a real issue, target or match field should never be NULL. Also, I can't find a place where opts field is being assigned to. Still, covscan sees the NULL check and assumes that if target or match field is NULL *and* opts field is NULL as well, code ends up dereferencing the NULL target or match field later on. Avoid this by splitting the conditional so that later else cases are not hit. Signed-off-by: Phil Sutter <phil@nwl.cc> --- src/xt.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-)