-Wflex-array-member-not-at-end was introduced in GCC-14, and we are getting ready to enable it, globally.
Use the TRAILING_OVERLAP() helper to fix the following warnings: 1 net/netfilter/x_tables.c:816:39: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] 1 net/netfilter/x_tables.c:811:39: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] This helper creates a union between a flexible-array member (FAM) and a set of members that would otherwise follow it. This overlays the trailing members onto the FAM while preserving the original memory layout. Signed-off-by: Gustavo A. R. Silva <[email protected]> --- Changes in v3: - Use the TRAILING_OVERLAP() helper. - Update changelog text. Changes in v2: - Update verdict after (compat_uint_t *)st->data; - Link: https://lore.kernel.org/linux-hardening/adgL5wPm9VpaV3MO@kspp/ v1: - Link: https://lore.kernel.org/linux-hardening/adbIKC0cZcK7VcCF@kspp/ net/netfilter/x_tables.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index b39017c80548..9f837fb5ceb4 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c @@ -819,13 +819,17 @@ EXPORT_SYMBOL_GPL(xt_compat_match_to_user); /* non-compat version may have padding after verdict */ struct compat_xt_standard_target { - struct compat_xt_entry_target t; - compat_uint_t verdict; + /* Must be last as it ends in a flexible-array member. */ + TRAILING_OVERLAP(struct compat_xt_entry_target, t, data, + compat_uint_t verdict; + ); }; struct compat_xt_error_target { - struct compat_xt_entry_target t; - char errorname[XT_FUNCTION_MAXNAMELEN]; + /* Must be last as it ends in a flexible-array member. */ + TRAILING_OVERLAP(struct compat_xt_entry_target, t, data, + char errorname[XT_FUNCTION_MAXNAMELEN]; + ); }; int xt_compat_check_entry_offsets(const void *base, const char *elems, -- 2.43.0
