diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2022-01-11 06:33:36 +0300 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2022-01-11 06:33:36 +0300 |
commit | 63045bfd3c8dbe9c8bee7e33291202725154cb2c (patch) | |
tree | 9bc1e9ee96f55274b9a8794da9c0f74cf76c03c2 /net | |
parent | 8efd0d9c316af470377894a6a0f9ff63ce18c177 (diff) | |
download | linux-63045bfd3c8dbe9c8bee7e33291202725154cb2c.tar.xz |
netfilter: nf_tables: don't use 'data_size' uninitialized
Commit 2c865a8a28a1 ("netfilter: nf_tables: add rule blob layout") never
initialized the new 'data_size' variable.
I'm not sure how it ever worked, but it might have worked almost by
accident - gcc seems to occasionally miss these kinds of 'variable used
uninitialized' situations, but I've seen it do so because it ended up
zero-initializing them due to some other simplification.
But clang is very unhappy about it all, and correctly reports
net/netfilter/nf_tables_api.c:8278:4: error: variable 'data_size' is uninitialized when used here [-Werror,-Wuninitialized]
data_size += sizeof(*prule) + rule->dlen;
^~~~~~~~~
net/netfilter/nf_tables_api.c:8263:30: note: initialize the variable 'data_size' to silence this warning
unsigned int size, data_size;
^
= 0
1 error generated.
and this fix just initializes 'data_size' to zero before the loop.
Fixes: 2c865a8a28a1 ("netfilter: nf_tables: add rule blob layout")
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: David Miller <davem@davemloft.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nf_tables_api.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index eb12fc9b803d..77938b1042f3 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -8273,6 +8273,7 @@ static int nf_tables_commit_chain_prepare(struct net *net, struct nft_chain *cha rule = list_entry(&chain->rules, struct nft_rule, list); i = 0; + data_size = 0; list_for_each_entry_continue(rule, &chain->rules, list) { if (nft_is_active_next(net, rule)) { data_size += sizeof(*prule) + rule->dlen; |