From: Daniel Borkmann <dborkman@redhat.com>
To: linux-sctp@vger.kernel.org
Subject: Re: net: sctp: rework multihoming retransmission path selection to rfc4960
Date: Fri, 28 Feb 2014 23:30:09 +0000 [thread overview]
Message-ID: <53111C01.40203@redhat.com> (raw)
In-Reply-To: <20140228231512.GA22115@elgon.mountain>
On 03/01/2014 12:15 AM, Dan Carpenter wrote:
> Hello Daniel Borkmann,
>
> This is a semi-automatic email about new static checker warnings.
>
> The patch 4c47af4d5eb2: "net: sctp: rework multihoming retransmission
> path selection to rfc4960" from Feb 20, 2014, leads to the following
> Smatch complaint:
>
> net/sctp/associola.c:1322 sctp_assoc_update_retran_path()
> warn: variable dereferenced before check 'trans_next' (see line 1319)
>
> net/sctp/associola.c
> 1305 /* Iterate from retran_path's successor back to retran_path. */
> 1306 for (trans = list_next_entry(trans, transports); 1;
> 1307 trans = list_next_entry(trans, transports)) {
> 1308 /* Manually skip the head element. */
> 1309 if (&trans->transports = &asoc->peer.transport_addr_list)
> 1310 continue;
> 1311 if (trans->state = SCTP_UNCONFIRMED)
> 1312 continue;
> 1313 trans_next = sctp_trans_elect_best(trans, trans_next);
> 1314 /* Active is good enough for immediate return. */
> 1315 if (trans_next->state = SCTP_ACTIVE)
> ^^^^^^^^^^^^^^^^^
> Dereference.
That is a false-positive.
trans_next at that time is being assigned through sctp_trans_elect_best() a
guaranteed non-NULL pointer.
> 1316 break;
> ^^^^^^
> 1317 /* We've reached the end, time to update path. */
> 1318 if (trans = asoc->peer.retran_path)
> 1319 break;
> ^^^^^
> These two breaks are the the only way to exit from the loop.
>
> 1320 }
> 1321
> 1322 if (trans_next != NULL)
> ^^^^^^^^^^^^^^^^^^
> Check to late.
>
> 1323 asoc->peer.retran_path = trans_next;
> 1324
>
> regards,
> dan carpenter
> --
> To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
next prev parent reply other threads:[~2014-02-28 23:30 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-28 23:15 net: sctp: rework multihoming retransmission path selection to rfc4960 Dan Carpenter
2014-02-28 23:30 ` Daniel Borkmann [this message]
2014-03-01 8:44 ` Dan Carpenter
2014-03-01 10:24 ` Daniel Borkmann
[not found] <20140305192635.6D9F7660D13@gitolite.kernel.org>
2014-03-06 6:02 ` Dave Jones
2014-03-06 9:42 ` Daniel Borkmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53111C01.40203@redhat.com \
--to=dborkman@redhat.com \
--cc=linux-sctp@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.