[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lwip-devel] [bug #63929] ip6_frag.c: suspicious usage of 'sizeof(A*)';
From: |
Jarno Malmari |
Subject: |
[lwip-devel] [bug #63929] ip6_frag.c: suspicious usage of 'sizeof(A*)'; pointer to aggregate |
Date: |
Wed, 15 Mar 2023 05:24:42 -0400 (EDT) |
URL:
<https://savannah.nongnu.org/bugs/?63929>
Summary: ip6_frag.c: suspicious usage of 'sizeof(A*)';
pointer to aggregate
Group: lwIP - A Lightweight TCP/IP stack
Submitter: jmalmari
Submitted: Wed 15 Mar 2023 09:24:39 AM UTC
Category: IPv6
Severity: 3 - Normal
Item Group: Compiler Warning
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Planned Release: None
lwIP version: git head
_______________________________________________________
Follow-up Comments:
-------------------------------------------------------
Date: Wed 15 Mar 2023 09:24:39 AM UTC By: Jarno Malmari <jmalmari>
clang-tidy found this potential issue. Can someone confirm if the sizeof
argument is intentional? In the following snippet, I am talking about the last
line with sizeof(iprh).
struct ip6_reass_helper *iprh;
#if LWIP_ICMP6
iprh = (struct ip6_reass_helper *)ipr->p->payload;
if (iprh->start == 0) {
/* The first fragment was received, send ICMP time exceeded. */
/* First, de-queue the first pbuf from r->p. */
p = ipr->p;
ipr->p = iprh->next_pbuf;
/* Restore the part that we've overwritten with our helper structure, or
we
* might send garbage (and disclose a pointer) in the ICMPv6 reply. */
MEMCPY(p->payload, ipr->orig_hdr, sizeof(iprh));
Should it be sizeof(*iprh) or some symbolic constant?
I'm using the latest master branch 3fe8d2fc43a9b69f7ed28c63d44a7744f9c0def9.
_______________________________________________________
Reply to this item at:
<https://savannah.nongnu.org/bugs/?63929>
_______________________________________________
Message sent via Savannah
https://savannah.nongnu.org/
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [lwip-devel] [bug #63929] ip6_frag.c: suspicious usage of 'sizeof(A*)'; pointer to aggregate,
Jarno Malmari <=