summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2022-01-11 06:33:36 +0300
committerLinus Torvalds <torvalds@linux-foundation.org>2022-01-11 06:33:36 +0300
commit63045bfd3c8dbe9c8bee7e33291202725154cb2c (patch)
tree9bc1e9ee96f55274b9a8794da9c0f74cf76c03c2 /net
parent8efd0d9c316af470377894a6a0f9ff63ce18c177 (diff)
downloadlinux-63045bfd3c8dbe9c8bee7e33291202725154cb2c.tar.xz
netfilter: nf_tables: don't use 'data_size' uninitialized
Commit 2c865a8a28a1 ("netfilter: nf_tables: add rule blob layout") never initialized the new 'data_size' variable. I'm not sure how it ever worked, but it might have worked almost by accident - gcc seems to occasionally miss these kinds of 'variable used uninitialized' situations, but I've seen it do so because it ended up zero-initializing them due to some other simplification. But clang is very unhappy about it all, and correctly reports net/netfilter/nf_tables_api.c:8278:4: error: variable 'data_size' is uninitialized when used here [-Werror,-Wuninitialized] data_size += sizeof(*prule) + rule->dlen; ^~~~~~~~~ net/netfilter/nf_tables_api.c:8263:30: note: initialize the variable 'data_size' to silence this warning unsigned int size, data_size; ^ = 0 1 error generated. and this fix just initializes 'data_size' to zero before the loop. Fixes: 2c865a8a28a1 ("netfilter: nf_tables: add rule blob layout") Cc: Pablo Neira Ayuso <pablo@netfilter.org> Cc: Jakub Kicinski <kuba@kernel.org> Cc: David Miller <davem@davemloft.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'net')
-rw-r--r--net/netfilter/nf_tables_api.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index eb12fc9b803d..77938b1042f3 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -8273,6 +8273,7 @@ static int nf_tables_commit_chain_prepare(struct net *net, struct nft_chain *cha
rule = list_entry(&chain->rules, struct nft_rule, list);
i = 0;
+ data_size = 0;
list_for_each_entry_continue(rule, &chain->rules, list) {
if (nft_is_active_next(net, rule)) {
data_size += sizeof(*prule) + rule->dlen;