On 17 Mar 2026, at 19:55, Mike Pattrick via dev wrote:
> In parse_conntrack_action(), the ct_nat_params struct is declared
> without initialization. The snat and dnat fields are only set when
> the user explicitly specifies "src" or "dst" in the NAT configuration.
> However, the validation checks that both both snat and dnat are not

Double “both” in the line above.

This also looks like a false positive, as have_nat is not set, so the values are never read (and if it is, it’s memset).

I was looking at Clang’s static analyzer, but there’s no easy way to exclude or mark issues it finds as not being issues without modifying the code. I guess until this is improved, there’s not much we can do.

For this case, we could just apply your change since it’s not in the fast path.

// Eelco

Acked-by: Eelco Chaudron [email protected]

> simultaneously true, which will read these fields regardless of user
> input.
>
> Initialize snat and dnat to false at declaration to ensure these fields
> have defined values before any reads occur.
>
> Found with clang analyze.
>
> Fixes: 9ac0aadab9f9 ("conntrack: Add support for NAT.")
> Signed-off-by: Mike Pattrick <[email protected]>
