[lwip-devel] [bug #63929] ip6_frag.c: suspicious usage of 'sizeof(A*)'; pointer to aggregate

[Jarno Malmari]

URL:
  <https://savannah.nongnu.org/bugs/?63929>

                 Summary: ip6_frag.c: suspicious usage of 'sizeof(A*)';
pointer to aggregate
                   Group: lwIP - A Lightweight TCP/IP stack
               Submitter: jmalmari
               Submitted: Wed 15 Mar 2023 09:24:39 AM UTC
                Category: IPv6
                Severity: 3 - Normal
              Item Group: Compiler Warning
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: None
            lwIP version: git head


    _______________________________________________________

Follow-up Comments:


-------------------------------------------------------
Date: Wed 15 Mar 2023 09:24:39 AM UTC By: Jarno Malmari <jmalmari>
clang-tidy found this potential issue. Can someone confirm if the sizeof
argument is intentional? In the following snippet, I am talking about the last
line with sizeof(iprh).


  struct ip6_reass_helper *iprh;

#if LWIP_ICMP6
  iprh = (struct ip6_reass_helper *)ipr->p->payload;
  if (iprh->start == 0) {
    /* The first fragment was received, send ICMP time exceeded. */
    /* First, de-queue the first pbuf from r->p. */
    p = ipr->p;
    ipr->p = iprh->next_pbuf;
    /* Restore the part that we've overwritten with our helper structure, or
we
     * might send garbage (and disclose a pointer) in the ICMPv6 reply. */
    MEMCPY(p->payload, ipr->orig_hdr, sizeof(iprh));


Should it be sizeof(*iprh) or some symbolic constant?

I'm using the latest master branch 3fe8d2fc43a9b69f7ed28c63d44a7744f9c0def9.







    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?63929>

_______________________________________________
Message sent via Savannah
https://savannah.nongnu.org/