From: Daniel Borkmann <dborkman@redhat.com>
To: linux-sctp@vger.kernel.org
Subject: Re: net: sctp: rework multihoming retransmission path selection to rfc4960
Date: Fri, 28 Feb 2014 23:30:09 +0000 [thread overview]
Message-ID: <53111C01.40203@redhat.com> (raw)
In-Reply-To: <20140228231512.GA22115@elgon.mountain>
On 03/01/2014 12:15 AM, Dan Carpenter wrote:
> Hello Daniel Borkmann,
>
> This is a semi-automatic email about new static checker warnings.
>
> The patch 4c47af4d5eb2: "net: sctp: rework multihoming retransmission
> path selection to rfc4960" from Feb 20, 2014, leads to the following
> Smatch complaint:
>
> net/sctp/associola.c:1322 sctp_assoc_update_retran_path()
> warn: variable dereferenced before check 'trans_next' (see line 1319)
>
> net/sctp/associola.c
> 1305 /* Iterate from retran_path's successor back to retran_path. */
> 1306 for (trans = list_next_entry(trans, transports); 1;
> 1307 trans = list_next_entry(trans, transports)) {
> 1308 /* Manually skip the head element. */
> 1309 if (&trans->transports = &asoc->peer.transport_addr_list)
> 1310 continue;
> 1311 if (trans->state = SCTP_UNCONFIRMED)
> 1312 continue;
> 1313 trans_next = sctp_trans_elect_best(trans, trans_next);
> 1314 /* Active is good enough for immediate return. */
> 1315 if (trans_next->state = SCTP_ACTIVE)
> ^^^^^^^^^^^^^^^^^
> Dereference.
That is a false-positive.
trans_next at that time is being assigned through sctp_trans_elect_best() a
guaranteed non-NULL pointer.
> 1316 break;
> ^^^^^^
> 1317 /* We've reached the end, time to update path. */
> 1318 if (trans = asoc->peer.retran_path)
> 1319 break;
> ^^^^^
> These two breaks are the the only way to exit from the loop.
>
> 1320 }
> 1321
> 1322 if (trans_next != NULL)
> ^^^^^^^^^^^^^^^^^^
> Check to late.
>
> 1323 asoc->peer.retran_path = trans_next;
> 1324
>
> regards,
> dan carpenter
> --
> To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
next prev parent reply other threads:[~2014-02-28 23:30 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-28 23:15 net: sctp: rework multihoming retransmission path selection to rfc4960 Dan Carpenter
2014-02-28 23:30 ` Daniel Borkmann [this message]
2014-03-01 8:44 ` Dan Carpenter
2014-03-01 10:24 ` Daniel Borkmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53111C01.40203@redhat.com \
--to=dborkman@redhat.com \
--cc=linux-sctp@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox