Received: by 2002:a05:6a10:c7c6:0:0:0:0 with SMTP id h6csp3144709pxy; Wed, 4 Aug 2021 03:33:05 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxY3mz1+GInk4YORQE48WcLYgSSgnkD9lCXEsnQ+3YNMrtX/KzrmV+i9s2rFS+ZX7+OSqDz X-Received: by 2002:a05:6638:624:: with SMTP id h4mr16179090jar.73.1628073185477; Wed, 04 Aug 2021 03:33:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1628073185; cv=none; d=google.com; s=arc-20160816; b=IYY+kEgYkjGD5dfa1HY9FFZJES1hpqBiEO++VvywyLJxw/MRom9f2jXmAF1QwhnqyS zZrvziGlX18/X2GYTrrEqjWfJRxUs9Gr1kZ1ojJw085tLcRuHYh96MeYq6ZlOkoTpfBB Lcecwim7YeqxZgWpIDGbxcNBvEb46/AsUYsT2IQ/B11fBrdk0Bk6YYpJhkVnIr6/cRyC SovQRJcxLIfa9s2MQVZndvS89qRRZ1Y2ioHB1p2reKpBFsp9ZufY1yG87N3zBI44LcvU Urdw26ghROUMVkZPeICqFfe6tZK6SRp8iRbWcyQ1a3Shqy9jHvXUoGQNhGZpPlSMugCT PtXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=yOwyXSmuLim7zfXkTxHvVfFu2Hh1/E3cXGVtNedDq3s=; b=madPx2ULsOmiRdP/qkgah5ZcObr6KqF9d9SoDQF7mQM2g0NGBaeNYIJroIXsJia1fQ BtONi4qOhG6w8bOEyfCg+SbJuEyWV6gOvWPeq11dUpYZ8pa20tTcblDhinnpRX5SVN1U K40XQAFY6MmRZ8P6ZSqJZBoKvxn3JMSvBgFPLSvZ5K0VboZgXvBllfkLyvXlXgBNfoh+ ewy0P2ux2WBU2dTas5L7YbB4rtpKVN81Zh81BRiwvZBJ19+upDtd0WwPu5DyCDBaOMB8 ZqmEoOA1fSjvPnZHvOYob0rqIFifYl0qJKNGkwOoTINtG311ze79Lo8U2tOWkAvev8i+ Ipgg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q17si1992946ilj.42.2021.08.04.03.32.52; Wed, 04 Aug 2021 03:33:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236715AbhHDIoV (ORCPT + 99 others); Wed, 4 Aug 2021 04:44:21 -0400 Received: from mail.netfilter.org ([217.70.188.207]:55332 "EHLO mail.netfilter.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236697AbhHDIoT (ORCPT ); Wed, 4 Aug 2021 04:44:19 -0400 Received: from netfilter.org (bl11-146-165.dsl.telepac.pt [85.244.146.165]) by mail.netfilter.org (Postfix) with ESMTPSA id 8E16D60043; Wed, 4 Aug 2021 10:43:29 +0200 (CEST) Date: Wed, 4 Aug 2021 10:43:55 +0200 From: Pablo Neira Ayuso To: Nathan Chancellor Cc: Jozsef Kadlecsik , Florian Westphal , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Nick Desaulniers , kernel test robot Subject: Re: [PATCH] netfilter: ipset: Fix maximal range check in hash_ipportnet4_uadt() Message-ID: <20210804084355.GA1483@salvia> References: <20210803191813.282980-1-nathan@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20210803191813.282980-1-nathan@kernel.org> User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Aug 03, 2021 at 12:18:13PM -0700, Nathan Chancellor wrote: > Clang warns: > > net/netfilter/ipset/ip_set_hash_ipportnet.c:249:29: warning: variable > 'port_to' is uninitialized when used here [-Wuninitialized] > if (((u64)ip_to - ip + 1)*(port_to - port + 1) > IPSET_MAX_RANGE) > ^~~~~~~ > net/netfilter/ipset/ip_set_hash_ipportnet.c:167:45: note: initialize the > variable 'port_to' to silence this warning > u32 ip = 0, ip_to = 0, p = 0, port, port_to; > ^ > = 0 > net/netfilter/ipset/ip_set_hash_ipportnet.c:249:39: warning: variable > 'port' is uninitialized when used here [-Wuninitialized] > if (((u64)ip_to - ip + 1)*(port_to - port + 1) > IPSET_MAX_RANGE) > ^~~~ > net/netfilter/ipset/ip_set_hash_ipportnet.c:167:36: note: initialize the > variable 'port' to silence this warning > u32 ip = 0, ip_to = 0, p = 0, port, port_to; > ^ > = 0 > 2 warnings generated. > > The range check was added before port and port_to are initialized. > Shuffle the check after the initialization so that the check works > properly. For the record: I have squashed this fix into the original patch in nf.git to make it easier to pass it on to -stable. Thanks.