From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.3 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id BEE67C4338F for ; Wed, 4 Aug 2021 08:44:12 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A6D1960200 for ; Wed, 4 Aug 2021 08:44:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236695AbhHDIoW (ORCPT ); Wed, 4 Aug 2021 04:44:22 -0400 Received: from mail.netfilter.org ([217.70.188.207]:55332 "EHLO mail.netfilter.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236697AbhHDIoT (ORCPT ); Wed, 4 Aug 2021 04:44:19 -0400 Received: from netfilter.org (bl11-146-165.dsl.telepac.pt [85.244.146.165]) by mail.netfilter.org (Postfix) with ESMTPSA id 8E16D60043; Wed, 4 Aug 2021 10:43:29 +0200 (CEST) Date: Wed, 4 Aug 2021 10:43:55 +0200 From: Pablo Neira Ayuso To: Nathan Chancellor Cc: Jozsef Kadlecsik , Florian Westphal , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Nick Desaulniers , kernel test robot Subject: Re: [PATCH] netfilter: ipset: Fix maximal range check in hash_ipportnet4_uadt() Message-ID: <20210804084355.GA1483@salvia> References: <20210803191813.282980-1-nathan@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20210803191813.282980-1-nathan@kernel.org> User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Aug 03, 2021 at 12:18:13PM -0700, Nathan Chancellor wrote: > Clang warns: > > net/netfilter/ipset/ip_set_hash_ipportnet.c:249:29: warning: variable > 'port_to' is uninitialized when used here [-Wuninitialized] > if (((u64)ip_to - ip + 1)*(port_to - port + 1) > IPSET_MAX_RANGE) > ^~~~~~~ > net/netfilter/ipset/ip_set_hash_ipportnet.c:167:45: note: initialize the > variable 'port_to' to silence this warning > u32 ip = 0, ip_to = 0, p = 0, port, port_to; > ^ > = 0 > net/netfilter/ipset/ip_set_hash_ipportnet.c:249:39: warning: variable > 'port' is uninitialized when used here [-Wuninitialized] > if (((u64)ip_to - ip + 1)*(port_to - port + 1) > IPSET_MAX_RANGE) > ^~~~ > net/netfilter/ipset/ip_set_hash_ipportnet.c:167:36: note: initialize the > variable 'port' to silence this warning > u32 ip = 0, ip_to = 0, p = 0, port, port_to; > ^ > = 0 > 2 warnings generated. > > The range check was added before port and port_to are initialized. > Shuffle the check after the initialization so that the check works > properly. For the record: I have squashed this fix into the original patch in nf.git to make it easier to pass it on to -stable. Thanks.