Date: Fri, 3 Aug 2018 15:02:28 +0200
From: Martin Husemann <mar...@duskware.de>
Message-ID: <20180803130227.ga23...@mail.duskware.de>

| What exactly makes the code safe now? If ntohs(p->ip.ip_len) <
| (sizeof(p->ip) + sizeof(p->udp)) then we are now in even more serious
| trouble.

Actually, not more serious, the same serious as before. If adding that cast changes anything at all, the compiler isn't working as it should.

If the values haven't been verified, they should be. If they have been verified, there is no problem and nothing needs fixing (except possibly the sanitizer).

In a later message ...

| Overflow (underflow) of an unsigned value is defined and GCC stops
| deducing whether there might be a problem.

But it always was unsigned, ntohs() returns an unsigned result. Further, even if it was signed, doesn't combining a signed value and an unsigned one with an arithmetic op result in an unsigned operation? Where is the signed arithmetic that was supposedly a problem?

kre
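
The length arithmetic discussed in this message, as an added example that is not code from the thread or from the source file under discussion. The struct layouts, the function names and the `captured` parameter (the number of bytes actually received) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <arpa/inet.h>

/* Constructed stand-ins for p->ip and p->udp: 20-byte IPv4 header
 * without options and 8-byte UDP header. */
struct ip_hdr  { uint8_t bytes[20]; };
struct udp_hdr { uint8_t bytes[8]; };

#define HDRS (sizeof(struct ip_hdr) + sizeof(struct udp_hdr))

/* Unverified form. ntohs() yields a uint16_t, which is promoted to int
 * and then converted to size_t because sizeof yields size_t. The
 * subtraction is therefore unsigned and wraps when ip_len < HDRS;
 * a cast on the left operand does not change that. */
size_t payload_len_unchecked(uint16_t ip_len_net)
{
    return ntohs(ip_len_net) - HDRS;
}

/* Verified form. Returns 0 and stores the payload length, or -1 when
 * ip_len is shorter than the two headers or longer than the data that
 * was actually received (assumed to be known to the caller). */
int payload_len_checked(uint16_t ip_len_net, size_t captured, size_t *out)
{
    size_t ip_len = ntohs(ip_len_net);

    if (ip_len < HDRS || ip_len > captured)
        return -1;
    *out = ip_len - HDRS;
    return 0;
}

int main(void)
{
    size_t n = 0;

    /* Constructed input: ip_len of 20 claims less than the headers. */
    printf("unchecked: %zu\n", payload_len_unchecked(htons(20)));
    printf("checked:   %d\n", payload_len_checked(htons(20), 1500, &n));

    /* Constructed input: 328-byte datagram, fully received. */
    if (payload_len_checked(htons(328), 328, &n) == 0)
        printf("payload:   %zu\n", n);
    return 0;
}
```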