Re: CVS commit: src/lib/libpcap

[christos%astron.com@localhost (Christos Zoulas)]

In article <20060320154314.830FB2DA27%cvs.netbsd.org@localhost>,
Matthias Drochner  <drochner%netbsd.org@localhost> wrote:
>
>Module Name:   src
>Committed By:  drochner
>Date:          Mon Mar 20 15:43:14 UTC 2006
>
>Modified Files:
>       src/lib/libpcap: gencode.c
>
>Log Message:
>revert wrong fix to a non-existant problem
>
>Don't believe Coverity blindly!
>
Which part don't you believe:

        struct in6_addr mask;

        if (sizeof(mask) * 8 < masklen)
                bpf_error("mask length must be <= %u", (unsigned 
int)(sizeof(mask) * 8));
        memset(&mask, 0, sizeof(mask));
        memset(&mask, 0xff, masklen / 8);
        if (masklen % 8) {
                mask.s6_addr[masklen / 8] =
                        (0xff << (8 - masklen % 8)) & 0xff;
        }

-----
        sizeof(mask) == 16
        /* assume the maximum possible maxlen without calling bpf_error */
        masklen == 128 = (16 * 8)

        mask.s6_addr[masklen / 8] = mask.s6_addr[16] = oops, since in6_addr:

        struct in6_addr {
                union {
                        __uint8_t   __u6_addr8[16];
                        __uint16_t  __u6_addr16[8];
                        uint32_t  __u6_addr32[4];
                } __u6_addr;                    /* 128-bit IP6 address */
        };

#define s6_addr   __u6_addr.__u6_addr8

-----

Perhaps the proper fix is:

        if (masklen < sizeof(mask) * 8)
                bpf_error("mask length must be < %u", (unsigned 
int)(sizeof(mask) * 8));

christos