[PATCH nft 1/2] segtree: fix asan runtime error

[PATCH nft 1/2] segtree: fix asan runtime error

[Pablo Neira Ayuso]

ASAN reports:

 segtree.c:387:30: runtime error: variable length array bound evaluates to non-positive value 0

Update array definition to be the set size plus 1.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/segtree.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/segtree.c b/src/segtree.c
index 266a2b4dc98b..b6ca6083ea0b 100644
--- a/src/segtree.c
+++ b/src/segtree.c
@@ -383,8 +383,8 @@ static bool interval_overlap(const struct elementary_interval *e1,
 static int set_overlap(struct list_head *msgs, const struct set *set,
 		       struct expr *init, unsigned int keylen, bool add)
 {
-	struct elementary_interval *new_intervals[init->size];
-	struct elementary_interval *intervals[set->init->size];
+	struct elementary_interval *new_intervals[init->size + 1];
+	struct elementary_interval *intervals[set->init->size + 1];
 	unsigned int n, m, i, j;
 	int ret = 0;
 
-- 
2.20.1

[PATCH nft 2/2] meta: fix asan runtime error in tc handle

[Pablo Neira Ayuso]

 meta.c:92:17: runtime error: left shift of 34661 by 16 places cannot be represented in type 'int'

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/meta.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/meta.c b/src/meta.c
index acc348eb264d..d92d0d323b9b 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -73,7 +73,7 @@ static struct error_record *tchandle_type_parse(struct parse_ctx *ctx,
 	else if (strcmp(sym->identifier, "none") == 0)
 		handle = TC_H_UNSPEC;
 	else if (strchr(sym->identifier, ':')) {
-		uint16_t tmp;
+		uint32_t tmp;
 		char *colon;
 
 		str = xstrdup(sym->identifier);
-- 
2.20.1