1353322 – Fix for CLANG warnings

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1353322 - Fix for CLANG warnings

Summary: Fix for CLANG warnings

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	libnftnl
Sub Component:
Version:	7.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Phil Sutter
QA Contact:	Tomas Dolezal
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-07-06 18:59 UTC by Phil Sutter
Modified:	2017-08-01 16:53 UTC (History)
CC List:	8 users (show)
Fixed In Version:	libnftnl-1.0.6-6.el7
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-08-01 16:53:17 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2017:2007	0	normal	SHIPPED_LIVE	libnftnl bug fix update	2017-08-01 17:58:36 UTC

Description Phil Sutter 2016-07-06 18:59:07 UTC

As reported by coverity tool:


1. libnftnl-1.0.6/src/set.c:277:35: warning: The left operand of '==' is a garbage value
#         nftnl_assert(val, attr, data_len == sizeof(uint64_t));
#                                          ^
4. libnftnl-1.0.6/include/utils.h:34:13: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#             ^
7. libnftnl-1.0.6/src/set.c:274:2: note: 'data_len' declared without an initial value
#         uint32_t data_len;
#         ^~~~~~~~~~~~~~~~~
10. libnftnl-1.0.6/src/set.c:275:24: note: Calling 'nftnl_set_get_data'
#         const uint64_t *val = nftnl_set_get_data(s, attr, &data_len);
#                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
13. libnftnl-1.0.6/src/set.c:202:2: note: Taking false branch
#         if (!(s->flags & (1 << attr)))
#         ^
16. libnftnl-1.0.6/src/set.c:205:2: note: Control jumps to 'case NFTNL_SET_NAME:' at line 208
#         switch(attr) {
#         ^
19. libnftnl-1.0.6/src/set.c:275:24: note: Returning from 'nftnl_set_get_data'
#         const uint64_t *val = nftnl_set_get_data(s, attr, &data_len);
#                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
22. libnftnl-1.0.6/src/set.c:277:2: note: Assuming 'val' is non-null
#         nftnl_assert(val, attr, data_len == sizeof(uint64_t));
#         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
25. libnftnl-1.0.6/include/utils.h:34:5: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#     ^~~~
28. libnftnl-1.0.6/src/set.c:277:2: note: Left side of '||' is false
29. libnftnl-1.0.6/include/utils.h:34:5: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#     ^
32. libnftnl-1.0.6/src/set.c:277:35: note: The left operand of '==' is a garbage value
#         nftnl_assert(val, attr, data_len == sizeof(uint64_t));
#                                 ~~~~~~~~ ^
35. libnftnl-1.0.6/include/utils.h:34:13: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#             ^
#   275|   	const uint64_t *val = nftnl_set_get_data(s, attr, &data_len);
#   276|   
#   277|-> 	nftnl_assert(val, attr, data_len == sizeof(uint64_t));
#   278|   
#   279|   	return val ? *val : 0;



1. libnftnl-1.0.6/src/ruleset.c:249:13: warning: The left expression of the compound assignment is an uninitialized value. The computed value will also be garbage
#         ctx->flags |= (1 << attr);
#                    ^
4. libnftnl-1.0.6/src/ruleset.c:836:9: note: Calling 'nftnl_ruleset_parse_file_cb'
#         return nftnl_ruleset_parse_file_cb(type, fp, err, rs, nftnl_ruleset_cb);
#                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7. libnftnl-1.0.6/src/ruleset.c:752:9: note: Calling 'nftnl_ruleset_do_parse'
#         return nftnl_ruleset_do_parse(type, fp, err, NFTNL_PARSE_FILE, data, cb);
#                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10. libnftnl-1.0.6/src/ruleset.c:732:2: note: Control jumps to 'case NFTNL_PARSE_JSON:' at line 736
#         switch (type) {
#         ^
13. libnftnl-1.0.6/src/ruleset.c:737:9: note: Calling 'nftnl_ruleset_json_parse'
#                 ret = nftnl_ruleset_json_parse(data, err, input, type, arg, cb);
#                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
16. libnftnl-1.0.6/src/ruleset.c:560:2: note: Taking false branch
#         if (ctx.set_list == NULL)
#         ^
19. libnftnl-1.0.6/src/ruleset.c:563:6: note: Assuming 'arg' is not equal to null
#         if (arg != NULL)
#             ^~~~~~~~~~~
22. libnftnl-1.0.6/src/ruleset.c:563:2: note: Taking true branch
#         if (arg != NULL)
#         ^
25. libnftnl-1.0.6/src/ruleset.c:564:3: note: Calling 'nftnl_ruleset_ctx_set'
#                 nftnl_ruleset_ctx_set(&ctx, NFTNL_RULESET_CTX_DATA, arg);
#                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
28. libnftnl-1.0.6/src/ruleset.c:226:2: note: Control jumps to 'case NFTNL_RULESET_CTX_DATA:' at line 245
#         switch (attr) {
#         ^
31. libnftnl-1.0.6/src/ruleset.c:247:3: note: Execution continues on line 249
#                 break;
#                 ^
34. libnftnl-1.0.6/src/ruleset.c:249:13: note: The left expression of the compound assignment is an uninitialized value. The computed value will also be garbage
#         ctx->flags |= (1 << attr);
#         ~~~~~~~~~~ ^
#   247|   		break;
#   248|   	}
#   249|-> 	ctx->flags |= (1 << attr);
#   250|   }
#   251|   



1. libnftnl-1.0.6/src/rule.c:280:35: warning: The left operand of '==' is a garbage value
#         nftnl_assert(val, attr, data_len == sizeof(uint8_t));
#                                          ^
4. libnftnl-1.0.6/include/utils.h:34:13: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#             ^
7. libnftnl-1.0.6/src/rule.c:277:2: note: 'data_len' declared without an initial value
#         uint32_t data_len;
#         ^~~~~~~~~~~~~~~~~
10. libnftnl-1.0.6/src/rule.c:278:23: note: Calling 'nftnl_rule_get_data'
#         const uint8_t *val = nftnl_rule_get_data(r, attr, &data_len);
#                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
13. libnftnl-1.0.6/src/rule.c:209:2: note: Taking false branch
#         if (!(r->flags & (1 << attr)))
#         ^
16. libnftnl-1.0.6/src/rule.c:212:2: note: Control jumps to 'case NFTNL_RULE_CHAIN:' at line 218
#         switch(attr) {
#         ^
19. libnftnl-1.0.6/src/rule.c:278:23: note: Returning from 'nftnl_rule_get_data'
#         const uint8_t *val = nftnl_rule_get_data(r, attr, &data_len);
#                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
22. libnftnl-1.0.6/src/rule.c:280:2: note: Assuming 'val' is non-null
#         nftnl_assert(val, attr, data_len == sizeof(uint8_t));
#         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
25. libnftnl-1.0.6/include/utils.h:34:5: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#     ^~~~
28. libnftnl-1.0.6/src/rule.c:280:2: note: Left side of '||' is false
29. libnftnl-1.0.6/include/utils.h:34:5: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#     ^
32. libnftnl-1.0.6/src/rule.c:280:35: note: The left operand of '==' is a garbage value
#         nftnl_assert(val, attr, data_len == sizeof(uint8_t));
#                                 ~~~~~~~~ ^
35. libnftnl-1.0.6/include/utils.h:34:13: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#             ^
#   278|   	const uint8_t *val = nftnl_rule_get_data(r, attr, &data_len);
#   279|   
#   280|-> 	nftnl_assert(val, attr, data_len == sizeof(uint8_t));
#   281|   
#   282|   	return val ? *val : 0;



1. libnftnl-1.0.6/src/rule.c:269:35: warning: The left operand of '==' is a garbage value
#         nftnl_assert(val, attr, data_len == sizeof(uint64_t));
#                                          ^
4. libnftnl-1.0.6/include/utils.h:34:13: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#             ^
7. libnftnl-1.0.6/src/rule.c:266:2: note: 'data_len' declared without an initial value
#         uint32_t data_len;
#         ^~~~~~~~~~~~~~~~~
10. libnftnl-1.0.6/src/rule.c:267:24: note: Calling 'nftnl_rule_get_data'
#         const uint64_t *val = nftnl_rule_get_data(r, attr, &data_len);
#                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
13. libnftnl-1.0.6/src/rule.c:209:2: note: Taking false branch
#         if (!(r->flags & (1 << attr)))
#         ^
16. libnftnl-1.0.6/src/rule.c:212:2: note: Control jumps to 'case NFTNL_RULE_CHAIN:' at line 218
#         switch(attr) {
#         ^
19. libnftnl-1.0.6/src/rule.c:267:24: note: Returning from 'nftnl_rule_get_data'
#         const uint64_t *val = nftnl_rule_get_data(r, attr, &data_len);
#                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
22. libnftnl-1.0.6/src/rule.c:269:2: note: Assuming 'val' is non-null
#         nftnl_assert(val, attr, data_len == sizeof(uint64_t));
#         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
25. libnftnl-1.0.6/include/utils.h:34:5: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#     ^~~~
28. libnftnl-1.0.6/src/rule.c:269:2: note: Left side of '||' is false
29. libnftnl-1.0.6/include/utils.h:34:5: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#     ^
32. libnftnl-1.0.6/src/rule.c:269:35: note: The left operand of '==' is a garbage value
#         nftnl_assert(val, attr, data_len == sizeof(uint64_t));
#                                 ~~~~~~~~ ^
35. libnftnl-1.0.6/include/utils.h:34:13: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#             ^
#   267|   	const uint64_t *val = nftnl_rule_get_data(r, attr, &data_len);
#   268|   
#   269|-> 	nftnl_assert(val, attr, data_len == sizeof(uint64_t));
#   270|   
#   271|   	return val ? *val : 0;



1. libnftnl-1.0.6/src/rule.c:258:35: warning: The left operand of '==' is a garbage value
#         nftnl_assert(val, attr, data_len == sizeof(uint32_t));
#                                          ^
4. libnftnl-1.0.6/include/utils.h:34:13: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#             ^
7. libnftnl-1.0.6/src/rule.c:255:2: note: 'data_len' declared without an initial value
#         uint32_t data_len;
#         ^~~~~~~~~~~~~~~~~
10. libnftnl-1.0.6/src/rule.c:256:24: note: Calling 'nftnl_rule_get_data'
#         const uint32_t *val = nftnl_rule_get_data(r, attr, &data_len);
#                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
13. libnftnl-1.0.6/src/rule.c:209:2: note: Taking false branch
#         if (!(r->flags & (1 << attr)))
#         ^
16. libnftnl-1.0.6/src/rule.c:212:2: note: Control jumps to 'case NFTNL_RULE_CHAIN:' at line 218
#         switch(attr) {
#         ^
19. libnftnl-1.0.6/src/rule.c:256:24: note: Returning from 'nftnl_rule_get_data'
#         const uint32_t *val = nftnl_rule_get_data(r, attr, &data_len);
#                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
22. libnftnl-1.0.6/src/rule.c:258:2: note: Assuming 'val' is non-null
#         nftnl_assert(val, attr, data_len == sizeof(uint32_t));
#         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
25. libnftnl-1.0.6/include/utils.h:34:5: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#     ^~~~
28. libnftnl-1.0.6/src/rule.c:258:2: note: Left side of '||' is false
29. libnftnl-1.0.6/include/utils.h:34:5: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#     ^
32. libnftnl-1.0.6/src/rule.c:258:35: note: The left operand of '==' is a garbage value
#         nftnl_assert(val, attr, data_len == sizeof(uint32_t));
#                                 ~~~~~~~~ ^
35. libnftnl-1.0.6/include/utils.h:34:13: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#             ^
#   256|   	const uint32_t *val = nftnl_rule_get_data(r, attr, &data_len);
#   257|   
#   258|-> 	nftnl_assert(val, attr, data_len == sizeof(uint32_t));
#   259|   
#   260|   	return val ? *val : 0;



1. libnftnl-1.0.6/src/gen.c:146:19: warning: Value stored to 'nfg' during its initialization is never read
#         struct nfgenmsg *nfg = mnl_nlmsg_get_payload(nlh);
#                          ^~~   ~~~~~~~~~~~~~~~~~~~~~~~~~~
4. libnftnl-1.0.6/src/gen.c:146:19: note: Value stored to 'nfg' during its initialization is never read
#         struct nfgenmsg *nfg = mnl_nlmsg_get_payload(nlh);
#                          ^~~   ~~~~~~~~~~~~~~~~~~~~~~~~~~
#   144|   {
#   145|   	struct nlattr *tb[NFTA_GEN_MAX + 1] = {};
#   146|-> 	struct nfgenmsg *nfg = mnl_nlmsg_get_payload(nlh);
#   147|   
#   148|   	if (mnl_attr_parse(nlh, sizeof(*nfg), nftnl_gen_parse_attr_cb, tb) < 0)



1. libnftnl-1.0.6/src/gen.c:77:13: warning: Dereference of null pointer
#                 gen->id = *((uint32_t *)data);
#                           ^
4. libnftnl-1.0.6/src/gen.c:86:32: note: Passing value via 3rd parameter 'data'
#         nftnl_gen_set_data(gen, attr, data, nftnl_gen_validate[attr]);
#                                       ^~~~
7. libnftnl-1.0.6/src/gen.c:86:2: note: Calling 'nftnl_gen_set_data'
#         nftnl_gen_set_data(gen, attr, data, nftnl_gen_validate[attr]);
#         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10. libnftnl-1.0.6/src/gen.c:70:2: note: Taking false branch
#         if (attr > NFTNL_GEN_MAX)
#         ^
13. libnftnl-1.0.6/src/gen.c:73:2: note: Assuming 'data' is null
#         nftnl_assert_validate(data, nftnl_gen_validate, attr, data_len);
#         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
16. libnftnl-1.0.6/include/utils.h:40:6: note: expanded from macro 'nftnl_assert_validate'
#         if (!data)                                                              \
#             ^~~~~
19. libnftnl-1.0.6/src/gen.c:73:2: note: Taking true branch
20. libnftnl-1.0.6/include/utils.h:40:2: note: expanded from macro 'nftnl_assert_validate'
#         if (!data)                                                              \
#         ^
23. libnftnl-1.0.6/src/gen.c:73:2: note: Taking false branch
24. libnftnl-1.0.6/include/utils.h:42:2: note: expanded from macro 'nftnl_assert_validate'
#         if (_validate_array[_attr])                                             \
#         ^
27. libnftnl-1.0.6/src/gen.c:75:2: note: Control jumps to 'case NFTNL_GEN_ID:' at line 76
#         switch (attr) {
#         ^
30. libnftnl-1.0.6/src/gen.c:77:13: note: Dereference of null pointer
#                 gen->id = *((uint32_t *)data);
#                           ^~~~~~~~~~~~~~~~~~~
#    75|   	switch (attr) {
#    76|   	case NFTNL_GEN_ID:
#    77|-> 		gen->id = *((uint32_t *)data);
#    78|   		break;
#    79|   	}



1. libnftnl-1.0.6/src/expr.c:191:15: warning: The left operand of '!=' is a garbage value
#         if (data_len != sizeof(uint64_t))
#             ~~~~~~~~ ^
4. libnftnl-1.0.6/src/expr.c:185:2: note: 'data_len' declared without an initial value
#         uint32_t data_len;
#         ^~~~~~~~~~~~~~~~~
7. libnftnl-1.0.6/src/expr.c:187:9: note: Calling 'nftnl_expr_get'
#         data = nftnl_expr_get(expr, type, &data_len);
#                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10. libnftnl-1.0.6/src/expr.c:118:2: note: Taking false branch
#         if (!(expr->flags & (1 << type)))
#         ^
13. libnftnl-1.0.6/src/expr.c:121:2: note: Control jumps to 'case NFTNL_EXPR_NAME:' at line 122
#         switch(type) {
#         ^
16. libnftnl-1.0.6/src/expr.c:124:3: note: Execution continues on line 130
#                 break;
#                 ^
19. libnftnl-1.0.6/src/expr.c:187:9: note: Returning from 'nftnl_expr_get'
#         data = nftnl_expr_get(expr, type, &data_len);
#                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
22. libnftnl-1.0.6/src/expr.c:188:6: note: Assuming 'data' is not equal to null
#         if (data == NULL)
#             ^~~~~~~~~~~~
25. libnftnl-1.0.6/src/expr.c:188:2: note: Taking false branch
#         if (data == NULL)
#         ^
28. libnftnl-1.0.6/src/expr.c:191:15: note: The left operand of '!=' is a garbage value
#         if (data_len != sizeof(uint64_t))
#             ~~~~~~~~ ^
#   189|   		return 0;
#   190|   
#   191|-> 	if (data_len != sizeof(uint64_t))
#   192|   		return 0;
#   193|   



1. libnftnl-1.0.6/src/expr.c:175:15: warning: The left operand of '!=' is a garbage value
#         if (data_len != sizeof(uint32_t))
#             ~~~~~~~~ ^
4. libnftnl-1.0.6/src/expr.c:169:2: note: 'data_len' declared without an initial value
#         uint32_t data_len;
#         ^~~~~~~~~~~~~~~~~
7. libnftnl-1.0.6/src/expr.c:171:9: note: Calling 'nftnl_expr_get'
#         data = nftnl_expr_get(expr, type, &data_len);
#                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10. libnftnl-1.0.6/src/expr.c:118:2: note: Taking false branch
#         if (!(expr->flags & (1 << type)))
#         ^
13. libnftnl-1.0.6/src/expr.c:121:2: note: Control jumps to 'case NFTNL_EXPR_NAME:' at line 122
#         switch(type) {
#         ^
16. libnftnl-1.0.6/src/expr.c:124:3: note: Execution continues on line 130
#                 break;
#                 ^
19. libnftnl-1.0.6/src/expr.c:171:9: note: Returning from 'nftnl_expr_get'
#         data = nftnl_expr_get(expr, type, &data_len);
#                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
22. libnftnl-1.0.6/src/expr.c:172:6: note: Assuming 'data' is not equal to null
#         if (data == NULL)
#             ^~~~~~~~~~~~
25. libnftnl-1.0.6/src/expr.c:172:2: note: Taking false branch
#         if (data == NULL)
#         ^
28. libnftnl-1.0.6/src/expr.c:175:15: note: The left operand of '!=' is a garbage value
#         if (data_len != sizeof(uint32_t))
#             ~~~~~~~~ ^
#   173|   		return 0;
#   174|   
#   175|-> 	if (data_len != sizeof(uint32_t))
#   176|   		return 0;
#   177|   



1. libnftnl-1.0.6/src/expr.c:159:15: warning: The left operand of '!=' is a garbage value
#         if (data_len != sizeof(uint16_t))
#             ~~~~~~~~ ^
4. libnftnl-1.0.6/src/expr.c:153:2: note: 'data_len' declared without an initial value
#         uint32_t data_len;
#         ^~~~~~~~~~~~~~~~~
7. libnftnl-1.0.6/src/expr.c:155:9: note: Calling 'nftnl_expr_get'
#         data = nftnl_expr_get(expr, type, &data_len);
#                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10. libnftnl-1.0.6/src/expr.c:118:2: note: Taking false branch
#         if (!(expr->flags & (1 << type)))
#         ^
13. libnftnl-1.0.6/src/expr.c:121:2: note: Control jumps to 'case NFTNL_EXPR_NAME:' at line 122
#         switch(type) {
#         ^
16. libnftnl-1.0.6/src/expr.c:124:3: note: Execution continues on line 130
#                 break;
#                 ^
19. libnftnl-1.0.6/src/expr.c:155:9: note: Returning from 'nftnl_expr_get'
#         data = nftnl_expr_get(expr, type, &data_len);
#                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
22. libnftnl-1.0.6/src/expr.c:156:6: note: Assuming 'data' is not equal to null
#         if (data == NULL)
#             ^~~~~~~~~~~~
25. libnftnl-1.0.6/src/expr.c:156:2: note: Taking false branch
#         if (data == NULL)
#         ^
28. libnftnl-1.0.6/src/expr.c:159:15: note: The left operand of '!=' is a garbage value
#         if (data_len != sizeof(uint16_t))
#             ~~~~~~~~ ^
#   157|   		return 0;
#   158|   
#   159|-> 	if (data_len != sizeof(uint16_t))
#   160|   		return 0;
#   161|   



1. libnftnl-1.0.6/src/expr.c:143:15: warning: The left operand of '!=' is a garbage value
#         if (data_len != sizeof(uint8_t))
#             ~~~~~~~~ ^
4. libnftnl-1.0.6/src/expr.c:137:2: note: 'data_len' declared without an initial value
#         uint32_t data_len;
#         ^~~~~~~~~~~~~~~~~
7. libnftnl-1.0.6/src/expr.c:139:9: note: Calling 'nftnl_expr_get'
#         data = nftnl_expr_get(expr, type, &data_len);
#                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10. libnftnl-1.0.6/src/expr.c:118:2: note: Taking false branch
#         if (!(expr->flags & (1 << type)))
#         ^
13. libnftnl-1.0.6/src/expr.c:121:2: note: Control jumps to 'case NFTNL_EXPR_NAME:' at line 122
#         switch(type) {
#         ^
16. libnftnl-1.0.6/src/expr.c:124:3: note: Execution continues on line 130
#                 break;
#                 ^
19. libnftnl-1.0.6/src/expr.c:139:9: note: Returning from 'nftnl_expr_get'
#         data = nftnl_expr_get(expr, type, &data_len);
#                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
22. libnftnl-1.0.6/src/expr.c:140:6: note: Assuming 'data' is not equal to null
#         if (data == NULL)
#             ^~~~~~~~~~~~
25. libnftnl-1.0.6/src/expr.c:140:2: note: Taking false branch
#         if (data == NULL)
#         ^
28. libnftnl-1.0.6/src/expr.c:143:15: note: The left operand of '!=' is a garbage value
#         if (data_len != sizeof(uint8_t))
#             ~~~~~~~~ ^
#   141|   		return 0;
#   142|   
#   143|-> 	if (data_len != sizeof(uint8_t))
#   144|   		return 0;
#   145|   



1. libnftnl-1.0.6/src/chain.c:359:35: warning: The left operand of '==' is a garbage value
#         nftnl_assert(val, attr, data_len == sizeof(int8_t));
#                                          ^
4. libnftnl-1.0.6/include/utils.h:34:13: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#             ^
7. libnftnl-1.0.6/src/chain.c:356:2: note: 'data_len' declared without an initial value
#         uint32_t data_len;
#         ^~~~~~~~~~~~~~~~~
10. libnftnl-1.0.6/src/chain.c:357:23: note: Calling 'nftnl_chain_get_data'
#         const uint8_t *val = nftnl_chain_get_data(c, attr, &data_len);
#                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
13. libnftnl-1.0.6/src/chain.c:266:2: note: Taking false branch
#         if (!(c->flags & (1 << attr)))
#         ^
16. libnftnl-1.0.6/src/chain.c:269:2: note: Control jumps to 'case NFTNL_CHAIN_NAME:' at line 270
#         switch(attr) {
#         ^
19. libnftnl-1.0.6/src/chain.c:357:23: note: Returning from 'nftnl_chain_get_data'
#         const uint8_t *val = nftnl_chain_get_data(c, attr, &data_len);
#                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
22. libnftnl-1.0.6/src/chain.c:359:2: note: Left side of '||' is false
#         nftnl_assert(val, attr, data_len == sizeof(int8_t));
#         ^
25. libnftnl-1.0.6/include/utils.h:34:5: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#     ^
28. libnftnl-1.0.6/src/chain.c:359:35: note: The left operand of '==' is a garbage value
#         nftnl_assert(val, attr, data_len == sizeof(int8_t));
#                                 ~~~~~~~~ ^
31. libnftnl-1.0.6/include/utils.h:34:13: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#             ^
#   357|   	const uint8_t *val = nftnl_chain_get_data(c, attr, &data_len);
#   358|   
#   359|-> 	nftnl_assert(val, attr, data_len == sizeof(int8_t));
#   360|   
#   361|   	return val ? *val : 0;



1. libnftnl-1.0.6/src/chain.c:348:35: warning: The left operand of '==' is a garbage value
#         nftnl_assert(val, attr, data_len == sizeof(int64_t));
#                                          ^
4. libnftnl-1.0.6/include/utils.h:34:13: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#             ^
7. libnftnl-1.0.6/src/chain.c:345:2: note: 'data_len' declared without an initial value
#         uint32_t data_len;
#         ^~~~~~~~~~~~~~~~~
10. libnftnl-1.0.6/src/chain.c:346:24: note: Calling 'nftnl_chain_get_data'
#         const uint64_t *val = nftnl_chain_get_data(c, attr, &data_len);
#                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
13. libnftnl-1.0.6/src/chain.c:266:2: note: Taking false branch
#         if (!(c->flags & (1 << attr)))
#         ^
16. libnftnl-1.0.6/src/chain.c:269:2: note: Control jumps to 'case NFTNL_CHAIN_NAME:' at line 270
#         switch(attr) {
#         ^
19. libnftnl-1.0.6/src/chain.c:346:24: note: Returning from 'nftnl_chain_get_data'
#         const uint64_t *val = nftnl_chain_get_data(c, attr, &data_len);
#                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
22. libnftnl-1.0.6/src/chain.c:348:2: note: Left side of '||' is false
#         nftnl_assert(val, attr, data_len == sizeof(int64_t));
#         ^
25. libnftnl-1.0.6/include/utils.h:34:5: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#     ^
28. libnftnl-1.0.6/src/chain.c:348:35: note: The left operand of '==' is a garbage value
#         nftnl_assert(val, attr, data_len == sizeof(int64_t));
#                                 ~~~~~~~~ ^
31. libnftnl-1.0.6/include/utils.h:34:13: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#             ^
#   346|   	const uint64_t *val = nftnl_chain_get_data(c, attr, &data_len);
#   347|   
#   348|-> 	nftnl_assert(val, attr, data_len == sizeof(int64_t));
#   349|   
#   350|   	return val ? *val : 0;



1. libnftnl-1.0.6/src/chain.c:337:35: warning: The left operand of '==' is a garbage value
#         nftnl_assert(val, attr, data_len == sizeof(int32_t));
#                                          ^
4. libnftnl-1.0.6/include/utils.h:34:13: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#             ^
7. libnftnl-1.0.6/src/chain.c:334:2: note: 'data_len' declared without an initial value
#         uint32_t data_len;
#         ^~~~~~~~~~~~~~~~~
10. libnftnl-1.0.6/src/chain.c:335:23: note: Calling 'nftnl_chain_get_data'
#         const int32_t *val = nftnl_chain_get_data(c, attr, &data_len);
#                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
13. libnftnl-1.0.6/src/chain.c:266:2: note: Taking false branch
#         if (!(c->flags & (1 << attr)))
#         ^
16. libnftnl-1.0.6/src/chain.c:269:2: note: Control jumps to 'case NFTNL_CHAIN_NAME:' at line 270
#         switch(attr) {
#         ^
19. libnftnl-1.0.6/src/chain.c:335:23: note: Returning from 'nftnl_chain_get_data'
#         const int32_t *val = nftnl_chain_get_data(c, attr, &data_len);
#                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
22. libnftnl-1.0.6/src/chain.c:337:2: note: Left side of '||' is false
#         nftnl_assert(val, attr, data_len == sizeof(int32_t));
#         ^
25. libnftnl-1.0.6/include/utils.h:34:5: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#     ^
28. libnftnl-1.0.6/src/chain.c:337:35: note: The left operand of '==' is a garbage value
#         nftnl_assert(val, attr, data_len == sizeof(int32_t));
#                                 ~~~~~~~~ ^
31. libnftnl-1.0.6/include/utils.h:34:13: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#             ^
#   335|   	const int32_t *val = nftnl_chain_get_data(c, attr, &data_len);
#   336|   
#   337|-> 	nftnl_assert(val, attr, data_len == sizeof(int32_t));
#   338|   
#   339|   	return val ? *val : 0;



1. libnftnl-1.0.6/src/chain.c:326:35: warning: The left operand of '==' is a garbage value
#         nftnl_assert(val, attr, data_len == sizeof(uint32_t));
#                                          ^
4. libnftnl-1.0.6/include/utils.h:34:13: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#             ^
7. libnftnl-1.0.6/src/chain.c:323:2: note: 'data_len' declared without an initial value
#         uint32_t data_len;
#         ^~~~~~~~~~~~~~~~~
10. libnftnl-1.0.6/src/chain.c:324:24: note: Calling 'nftnl_chain_get_data'
#         const uint32_t *val = nftnl_chain_get_data(c, attr, &data_len);
#                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
13. libnftnl-1.0.6/src/chain.c:266:2: note: Taking false branch
#         if (!(c->flags & (1 << attr)))
#         ^
16. libnftnl-1.0.6/src/chain.c:269:2: note: Control jumps to 'case NFTNL_CHAIN_NAME:' at line 270
#         switch(attr) {
#         ^
19. libnftnl-1.0.6/src/chain.c:324:24: note: Returning from 'nftnl_chain_get_data'
#         const uint32_t *val = nftnl_chain_get_data(c, attr, &data_len);
#                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
22. libnftnl-1.0.6/src/chain.c:326:2: note: Left side of '||' is false
#         nftnl_assert(val, attr, data_len == sizeof(uint32_t));
#         ^
25. libnftnl-1.0.6/include/utils.h:34:5: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#     ^
28. libnftnl-1.0.6/src/chain.c:326:35: note: The left operand of '==' is a garbage value
#         nftnl_assert(val, attr, data_len == sizeof(uint32_t));
#                                 ~~~~~~~~ ^
31. libnftnl-1.0.6/include/utils.h:34:13: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#             ^
#   324|   	const uint32_t *val = nftnl_chain_get_data(c, attr, &data_len);
#   325|   
#   326|-> 	nftnl_assert(val, attr, data_len == sizeof(uint32_t));
#   327|   
#   328|   	return val ? *val : 0;



1. libnftnl-1.0.6/src/chain.c:208:15: warning: Dereference of null pointer
#                 c->family = *((uint32_t *)data);
#                             ^~~~~~~~~~~~~~~~~~~
4. libnftnl-1.0.6/src/chain.c:171:2: note: Taking false branch
#         if (attr > NFTNL_CHAIN_MAX)
#         ^
7. libnftnl-1.0.6/src/chain.c:174:2: note: Assuming 'data' is null
#         nftnl_assert_validate(data, nftnl_chain_validate, attr, data_len);
#         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10. libnftnl-1.0.6/include/utils.h:40:6: note: expanded from macro 'nftnl_assert_validate'
#         if (!data)                                                              \
#             ^~~~~
13. libnftnl-1.0.6/src/chain.c:174:2: note: Taking true branch
14. libnftnl-1.0.6/include/utils.h:40:2: note: expanded from macro 'nftnl_assert_validate'
#         if (!data)                                                              \
#         ^
17. libnftnl-1.0.6/src/chain.c:174:2: note: Taking true branch
18. libnftnl-1.0.6/include/utils.h:42:2: note: expanded from macro 'nftnl_assert_validate'
#         if (_validate_array[_attr])                                             \
#         ^
21. libnftnl-1.0.6/src/chain.c:174:2: note: Left side of '||' is true
22. libnftnl-1.0.6/include/utils.h:43:3: note: expanded from macro 'nftnl_assert_validate'
#                 nftnl_assert(data, attr, _validate_array[_attr] == _data_len);  \
#                 ^
25. libnftnl-1.0.6/include/utils.h:34:10: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#          ^
28. libnftnl-1.0.6/src/chain.c:176:2: note: Control jumps to 'case NFTNL_CHAIN_FAMILY:' at line 207
#         switch(attr) {
#         ^
31. libnftnl-1.0.6/src/chain.c:208:15: note: Dereference of null pointer
#                 c->family = *((uint32_t *)data);
#                             ^~~~~~~~~~~~~~~~~~~
#   206|   		break;
#   207|   	case NFTNL_CHAIN_FAMILY:
#   208|-> 		c->family = *((uint32_t *)data);
#   209|   		break;
#   210|   	case NFTNL_CHAIN_TYPE:



1. libnftnl-1.0.6/src/chain.c:205:15: warning: Dereference of null pointer
#                 c->handle = *((uint64_t *)data);
#                             ^~~~~~~~~~~~~~~~~~~
4. libnftnl-1.0.6/src/chain.c:171:2: note: Taking false branch
#         if (attr > NFTNL_CHAIN_MAX)
#         ^
7. libnftnl-1.0.6/src/chain.c:174:2: note: Assuming 'data' is null
#         nftnl_assert_validate(data, nftnl_chain_validate, attr, data_len);
#         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10. libnftnl-1.0.6/include/utils.h:40:6: note: expanded from macro 'nftnl_assert_validate'
#         if (!data)                                                              \
#             ^~~~~
13. libnftnl-1.0.6/src/chain.c:174:2: note: Taking true branch
14. libnftnl-1.0.6/include/utils.h:40:2: note: expanded from macro 'nftnl_assert_validate'
#         if (!data)                                                              \
#         ^
17. libnftnl-1.0.6/src/chain.c:174:2: note: Taking true branch
18. libnftnl-1.0.6/include/utils.h:42:2: note: expanded from macro 'nftnl_assert_validate'
#         if (_validate_array[_attr])                                             \
#         ^
21. libnftnl-1.0.6/src/chain.c:174:2: note: Left side of '||' is true
22. libnftnl-1.0.6/include/utils.h:43:3: note: expanded from macro 'nftnl_assert_validate'
#                 nftnl_assert(data, attr, _validate_array[_attr] == _data_len);  \
#                 ^
25. libnftnl-1.0.6/include/utils.h:34:10: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#          ^
28. libnftnl-1.0.6/src/chain.c:176:2: note: Control jumps to 'case NFTNL_CHAIN_HANDLE:' at line 204
#         switch(attr) {
#         ^
31. libnftnl-1.0.6/src/chain.c:205:15: note: Dereference of null pointer
#                 c->handle = *((uint64_t *)data);
#                             ^~~~~~~~~~~~~~~~~~~
#   203|   		break;
#   204|   	case NFTNL_CHAIN_HANDLE:
#   205|-> 		c->handle = *((uint64_t *)data);
#   206|   		break;
#   207|   	case NFTNL_CHAIN_FAMILY:



1. libnftnl-1.0.6/src/chain.c:202:16: warning: Dereference of null pointer
#                 c->packets = *((uint64_t *)data);
#                              ^~~~~~~~~~~~~~~~~~~
4. libnftnl-1.0.6/src/chain.c:171:2: note: Taking false branch
#         if (attr > NFTNL_CHAIN_MAX)
#         ^
7. libnftnl-1.0.6/src/chain.c:174:2: note: Assuming 'data' is null
#         nftnl_assert_validate(data, nftnl_chain_validate, attr, data_len);
#         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10. libnftnl-1.0.6/include/utils.h:40:6: note: expanded from macro 'nftnl_assert_validate'
#         if (!data)                                                              \
#             ^~~~~
13. libnftnl-1.0.6/src/chain.c:174:2: note: Taking true branch
14. libnftnl-1.0.6/include/utils.h:40:2: note: expanded from macro 'nftnl_assert_validate'
#         if (!data)                                                              \
#         ^
17. libnftnl-1.0.6/src/chain.c:174:2: note: Taking true branch
18. libnftnl-1.0.6/include/utils.h:42:2: note: expanded from macro 'nftnl_assert_validate'
#         if (_validate_array[_attr])                                             \
#         ^
21. libnftnl-1.0.6/src/chain.c:174:2: note: Left side of '||' is true
22. libnftnl-1.0.6/include/utils.h:43:3: note: expanded from macro 'nftnl_assert_validate'
#                 nftnl_assert(data, attr, _validate_array[_attr] == _data_len);  \
#                 ^
25. libnftnl-1.0.6/include/utils.h:34:10: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#          ^
28. libnftnl-1.0.6/src/chain.c:176:2: note: Control jumps to 'case NFTNL_CHAIN_PACKETS:' at line 201
#         switch(attr) {
#         ^
31. libnftnl-1.0.6/src/chain.c:202:16: note: Dereference of null pointer
#                 c->packets = *((uint64_t *)data);
#                              ^~~~~~~~~~~~~~~~~~~
#   200|   		break;
#   201|   	case NFTNL_CHAIN_PACKETS:
#   202|-> 		c->packets = *((uint64_t *)data);
#   203|   		break;
#   204|   	case NFTNL_CHAIN_HANDLE:



1. libnftnl-1.0.6/src/chain.c:199:14: warning: Dereference of null pointer
#                 c->bytes = *((uint64_t *)data);
#                            ^~~~~~~~~~~~~~~~~~~
4. libnftnl-1.0.6/src/chain.c:171:2: note: Taking false branch
#         if (attr > NFTNL_CHAIN_MAX)
#         ^
7. libnftnl-1.0.6/src/chain.c:174:2: note: Assuming 'data' is null
#         nftnl_assert_validate(data, nftnl_chain_validate, attr, data_len);
#         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10. libnftnl-1.0.6/include/utils.h:40:6: note: expanded from macro 'nftnl_assert_validate'
#         if (!data)                                                              \
#             ^~~~~
13. libnftnl-1.0.6/src/chain.c:174:2: note: Taking true branch
14. libnftnl-1.0.6/include/utils.h:40:2: note: expanded from macro 'nftnl_assert_validate'
#         if (!data)                                                              \
#         ^
17. libnftnl-1.0.6/src/chain.c:174:2: note: Taking true branch
18. libnftnl-1.0.6/include/utils.h:42:2: note: expanded from macro 'nftnl_assert_validate'
#         if (_validate_array[_attr])                                             \
#         ^
21. libnftnl-1.0.6/src/chain.c:174:2: note: Left side of '||' is true
22. libnftnl-1.0.6/include/utils.h:43:3: note: expanded from macro 'nftnl_assert_validate'
#                 nftnl_assert(data, attr, _validate_array[_attr] == _data_len);  \
#                 ^
25. libnftnl-1.0.6/include/utils.h:34:10: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#          ^
28. libnftnl-1.0.6/src/chain.c:176:2: note: Control jumps to 'case NFTNL_CHAIN_BYTES:' at line 198
#         switch(attr) {
#         ^
31. libnftnl-1.0.6/src/chain.c:199:14: note: Dereference of null pointer
#                 c->bytes = *((uint64_t *)data);
#                            ^~~~~~~~~~~~~~~~~~~
#   197|   		break;
#   198|   	case NFTNL_CHAIN_BYTES:
#   199|-> 		c->bytes = *((uint64_t *)data);
#   200|   		break;
#   201|   	case NFTNL_CHAIN_PACKETS:



1. libnftnl-1.0.6/src/chain.c:196:12: warning: Dereference of null pointer
#                 c->use = *((uint32_t *)data);
#                          ^~~~~~~~~~~~~~~~~~~
4. libnftnl-1.0.6/src/chain.c:171:2: note: Taking false branch
#         if (attr > NFTNL_CHAIN_MAX)
#         ^
7. libnftnl-1.0.6/src/chain.c:174:2: note: Assuming 'data' is null
#         nftnl_assert_validate(data, nftnl_chain_validate, attr, data_len);
#         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10. libnftnl-1.0.6/include/utils.h:40:6: note: expanded from macro 'nftnl_assert_validate'
#         if (!data)                                                              \
#             ^~~~~
13. libnftnl-1.0.6/src/chain.c:174:2: note: Taking true branch
14. libnftnl-1.0.6/include/utils.h:40:2: note: expanded from macro 'nftnl_assert_validate'
#         if (!data)                                                              \
#         ^
17. libnftnl-1.0.6/src/chain.c:174:2: note: Taking true branch
18. libnftnl-1.0.6/include/utils.h:42:2: note: expanded from macro 'nftnl_assert_validate'
#         if (_validate_array[_attr])                                             \
#         ^
21. libnftnl-1.0.6/src/chain.c:174:2: note: Left side of '||' is true
22. libnftnl-1.0.6/include/utils.h:43:3: note: expanded from macro 'nftnl_assert_validate'
#                 nftnl_assert(data, attr, _validate_array[_attr] == _data_len);  \
#                 ^
25. libnftnl-1.0.6/include/utils.h:34:10: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#          ^
28. libnftnl-1.0.6/src/chain.c:176:2: note: Control jumps to 'case NFTNL_CHAIN_USE:' at line 195
#         switch(attr) {
#         ^
31. libnftnl-1.0.6/src/chain.c:196:12: note: Dereference of null pointer
#                 c->use = *((uint32_t *)data);
#                          ^~~~~~~~~~~~~~~~~~~
#   194|   		break;
#   195|   	case NFTNL_CHAIN_USE:
#   196|-> 		c->use = *((uint32_t *)data);
#   197|   		break;
#   198|   	case NFTNL_CHAIN_BYTES:



1. libnftnl-1.0.6/src/chain.c:193:15: warning: Dereference of null pointer
#                 c->policy = *((uint32_t *)data);
#                             ^~~~~~~~~~~~~~~~~~~
4. libnftnl-1.0.6/src/chain.c:171:2: note: Taking false branch
#         if (attr > NFTNL_CHAIN_MAX)
#         ^
7. libnftnl-1.0.6/src/chain.c:174:2: note: Assuming 'data' is null
#         nftnl_assert_validate(data, nftnl_chain_validate, attr, data_len);
#         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10. libnftnl-1.0.6/include/utils.h:40:6: note: expanded from macro 'nftnl_assert_validate'
#         if (!data)                                                              \
#             ^~~~~
13. libnftnl-1.0.6/src/chain.c:174:2: note: Taking true branch
14. libnftnl-1.0.6/include/utils.h:40:2: note: expanded from macro 'nftnl_assert_validate'
#         if (!data)                                                              \
#         ^
17. libnftnl-1.0.6/src/chain.c:174:2: note: Taking true branch
18. libnftnl-1.0.6/include/utils.h:42:2: note: expanded from macro 'nftnl_assert_validate'
#         if (_validate_array[_attr])                                             \
#         ^
21. libnftnl-1.0.6/src/chain.c:174:2: note: Left side of '||' is true
22. libnftnl-1.0.6/include/utils.h:43:3: note: expanded from macro 'nftnl_assert_validate'
#                 nftnl_assert(data, attr, _validate_array[_attr] == _data_len);  \
#                 ^
25. libnftnl-1.0.6/include/utils.h:34:10: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#          ^
28. libnftnl-1.0.6/src/chain.c:176:2: note: Control jumps to 'case NFTNL_CHAIN_POLICY:' at line 192
#         switch(attr) {
#         ^
31. libnftnl-1.0.6/src/chain.c:193:15: note: Dereference of null pointer
#                 c->policy = *((uint32_t *)data);
#                             ^~~~~~~~~~~~~~~~~~~
#   191|   		break;
#   192|   	case NFTNL_CHAIN_POLICY:
#   193|-> 		c->policy = *((uint32_t *)data);
#   194|   		break;
#   195|   	case NFTNL_CHAIN_USE:



1. libnftnl-1.0.6/src/chain.c:190:3: warning: Null pointer passed as an argument to a 'nonnull' parameter
#                 memcpy(&c->prio, data, sizeof(c->prio));
#                 ^                ~~~~
4. libnftnl-1.0.6/src/chain.c:171:2: note: Taking false branch
#         if (attr > NFTNL_CHAIN_MAX)
#         ^
7. libnftnl-1.0.6/src/chain.c:174:2: note: Assuming 'data' is null
#         nftnl_assert_validate(data, nftnl_chain_validate, attr, data_len);
#         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10. libnftnl-1.0.6/include/utils.h:40:6: note: expanded from macro 'nftnl_assert_validate'
#         if (!data)                                                              \
#             ^~~~~
13. libnftnl-1.0.6/src/chain.c:174:2: note: Taking true branch
14. libnftnl-1.0.6/include/utils.h:40:2: note: expanded from macro 'nftnl_assert_validate'
#         if (!data)                                                              \
#         ^
17. libnftnl-1.0.6/src/chain.c:174:2: note: Taking true branch
18. libnftnl-1.0.6/include/utils.h:42:2: note: expanded from macro 'nftnl_assert_validate'
#         if (_validate_array[_attr])                                             \
#         ^
21. libnftnl-1.0.6/src/chain.c:174:2: note: Left side of '||' is true
22. libnftnl-1.0.6/include/utils.h:43:3: note: expanded from macro 'nftnl_assert_validate'
#                 nftnl_assert(data, attr, _validate_array[_attr] == _data_len);  \
#                 ^
25. libnftnl-1.0.6/include/utils.h:34:10: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#          ^
28. libnftnl-1.0.6/src/chain.c:176:2: note: Control jumps to 'case NFTNL_CHAIN_PRIO:' at line 189
#         switch(attr) {
#         ^
31. libnftnl-1.0.6/src/chain.c:190:3: note: Null pointer passed as an argument to a 'nonnull' parameter
#                 memcpy(&c->prio, data, sizeof(c->prio));
#                 ^                ~~~~
#   188|   		break;
#   189|   	case NFTNL_CHAIN_PRIO:
#   190|-> 		memcpy(&c->prio, data, sizeof(c->prio));
#   191|   		break;
#   192|   	case NFTNL_CHAIN_POLICY:



1. libnftnl-1.0.6/src/chain.c:187:3: warning: Null pointer passed as an argument to a 'nonnull' parameter
#                 memcpy(&c->hooknum, data, sizeof(c->hooknum));
#                 ^                   ~~~~
4. libnftnl-1.0.6/src/chain.c:171:2: note: Taking false branch
#         if (attr > NFTNL_CHAIN_MAX)
#         ^
7. libnftnl-1.0.6/src/chain.c:174:2: note: Assuming 'data' is null
#         nftnl_assert_validate(data, nftnl_chain_validate, attr, data_len);
#         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10. libnftnl-1.0.6/include/utils.h:40:6: note: expanded from macro 'nftnl_assert_validate'
#         if (!data)                                                              \
#             ^~~~~
13. libnftnl-1.0.6/src/chain.c:174:2: note: Taking true branch
14. libnftnl-1.0.6/include/utils.h:40:2: note: expanded from macro 'nftnl_assert_validate'
#         if (!data)                                                              \
#         ^
17. libnftnl-1.0.6/src/chain.c:174:2: note: Taking true branch
18. libnftnl-1.0.6/include/utils.h:42:2: note: expanded from macro 'nftnl_assert_validate'
#         if (_validate_array[_attr])                                             \
#         ^
21. libnftnl-1.0.6/src/chain.c:174:2: note: Left side of '||' is true
22. libnftnl-1.0.6/include/utils.h:43:3: note: expanded from macro 'nftnl_assert_validate'
#                 nftnl_assert(data, attr, _validate_array[_attr] == _data_len);  \
#                 ^
25. libnftnl-1.0.6/include/utils.h:34:10: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#          ^
28. libnftnl-1.0.6/src/chain.c:176:2: note: Control jumps to 'case NFTNL_CHAIN_HOOKNUM:' at line 186
#         switch(attr) {
#         ^
31. libnftnl-1.0.6/src/chain.c:187:3: note: Null pointer passed as an argument to a 'nonnull' parameter
#                 memcpy(&c->hooknum, data, sizeof(c->hooknum));
#                 ^                   ~~~~
#   185|   		break;
#   186|   	case NFTNL_CHAIN_HOOKNUM:
#   187|-> 		memcpy(&c->hooknum, data, sizeof(c->hooknum));
#   188|   		break;
#   189|   	case NFTNL_CHAIN_PRIO:



1. libnftnl-1.0.6/src/chain.c:178:3: warning: Null pointer argument in call to string copy function
#                 strncpy(c->name, data, NFT_CHAIN_MAXNAMELEN);
#                 ^
4. /usr/include/bits/string2.h:760:33: note: expanded from macro 'strncpy'
# #  define strncpy(dest, src, n) __builtin_strncpy (dest, src, n)
#                                 ^
7. libnftnl-1.0.6/src/chain.c:171:2: note: Taking false branch
#         if (attr > NFTNL_CHAIN_MAX)
#         ^
10. libnftnl-1.0.6/src/chain.c:174:2: note: Assuming 'data' is null
#         nftnl_assert_validate(data, nftnl_chain_validate, attr, data_len);
#         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
13. libnftnl-1.0.6/include/utils.h:40:6: note: expanded from macro 'nftnl_assert_validate'
#         if (!data)                                                              \
#             ^~~~~
16. libnftnl-1.0.6/src/chain.c:174:2: note: Taking true branch
17. libnftnl-1.0.6/include/utils.h:40:2: note: expanded from macro 'nftnl_assert_validate'
#         if (!data)                                                              \
#         ^
20. libnftnl-1.0.6/src/chain.c:174:2: note: Taking true branch
21. libnftnl-1.0.6/include/utils.h:42:2: note: expanded from macro 'nftnl_assert_validate'
#         if (_validate_array[_attr])                                             \
#         ^
24. libnftnl-1.0.6/src/chain.c:174:2: note: Left side of '||' is true
25. libnftnl-1.0.6/include/utils.h:43:3: note: expanded from macro 'nftnl_assert_validate'
#                 nftnl_assert(data, attr, _validate_array[_attr] == _data_len);  \
#                 ^
28. libnftnl-1.0.6/include/utils.h:34:10: note: expanded from macro 'nftnl_assert'
#   ((!val || expr)                                       \
#          ^
31. libnftnl-1.0.6/src/chain.c:176:2: note: Control jumps to 'case NFTNL_CHAIN_NAME:' at line 177
#         switch(attr) {
#         ^
34. libnftnl-1.0.6/src/chain.c:178:3: note: Null pointer argument in call to string copy function
#                 strncpy(c->name, data, NFT_CHAIN_MAXNAMELEN);
#                 ^                ~~~~
37. /usr/include/bits/string2.h:760:33: note: expanded from macro 'strncpy'
# #  define strncpy(dest, src, n) __builtin_strncpy (dest, src, n)
#                                 ^
#   176|   	switch(attr) {
#   177|   	case NFTNL_CHAIN_NAME:
#   178|-> 		strncpy(c->name, data, NFT_CHAIN_MAXNAMELEN);
#   179|   		break;
#   180|   	case NFTNL_CHAIN_TABLE:



1. libnftnl-1.0.6/src/batch.c:44:9: warning: Potential leak of memory pointed to by 'buf'
#         return page;
#                ^
4. libnftnl-1.0.6/src/batch.c:104:2: note: Taking false branch
#         if (mnl_nlmsg_batch_next(batch->current_page->batch))
#         ^
7. libnftnl-1.0.6/src/batch.c:109:9: note: Calling 'nftnl_batch_page_alloc'
#         page = nftnl_batch_page_alloc(batch);
#                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10. libnftnl-1.0.6/src/batch.c:33:6: note: Assuming 'page' is not equal to null
#         if (page == NULL)
#             ^~~~~~~~~~~~
13. libnftnl-1.0.6/src/batch.c:33:2: note: Taking false branch
#         if (page == NULL)
#         ^
16. libnftnl-1.0.6/src/batch.c:36:8: note: Memory is allocated
#         buf = malloc(batch->page_size + batch->page_overrun_size);
#               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
19. libnftnl-1.0.6/src/batch.c:37:6: note: Assuming 'buf' is not equal to null
#         if (buf == NULL)
#             ^~~~~~~~~~~
22. libnftnl-1.0.6/src/batch.c:37:2: note: Taking false branch
#         if (buf == NULL)
#         ^
25. libnftnl-1.0.6/src/batch.c:41:2: note: Taking false branch
#         if (page->batch == NULL)
#         ^
28. libnftnl-1.0.6/src/batch.c:44:9: note: Potential leak of memory pointed to by 'buf'
#         return page;
#                ^
#    42|   		goto err2;
#    43|   
#    44|-> 	return page;
#    45|   err2:
#    46|   	free(buf);

Comment 2 Phil Sutter 2016-08-10 21:40:45 UTC

The first, third, fourth, fifth and eighth through fifteenth issues are fixed by this upstream commit:

commit bda7102d60bfdab2aa3f36ebd09a119206f264d0
Author: Carlos Falgueras García <carlosfg>
Date:   Mon Jul 11 18:07:40 2016 +0200

    src: Fix nftnl_*_get_data() to return the real attribute length
    
    All getters must set the memory size of the attributes, ie. this
    includes the nul-termination in strings.
    
    For references to opaque objects hidden behind the curtain, report
    a zero size.
    
    Signed-off-by: Carlos Falgueras García <carlosfg>
    Signed-off-by: Pablo Neira Ayuso <pablo>


The sixth issue is not critical and even serves a certain illustrative purpose, namely stating explicitly what payload is being expected.

The seventh and sixteenth through twentyfourth issues are invalid: If data is NULL, nftnl_assert_validate will exit().

The twentyfifth issue is invalid: In nftnl_batch_free(), the buffer allocated
in nftnl_batch_page_alloc() is free'd again. It is just not visible as the
buffer pointer is returned by a libmnl function.


So in order to resolve this, the second issue needs to be fixed upstream and the solution backported along with the commit mentioned above.

Comment 3 Phil Sutter 2016-08-12 12:54:15 UTC

Second issue is fixed by the following upstream commit:

commit 6257aaf53ede6456e28b0224d215c811f534ff35
Author: Phil Sutter <phil>
Date:   Fri Aug 12 01:33:39 2016 +0200

    ruleset: Initialize ctx.flags before calling nftnl_ruleset_ctx_set()
    
    The called function otherwise accesses uninitialized data.
    
    Signed-off-by: Phil Sutter <phil>
    Signed-off-by: Pablo Neira Ayuso <pablo>

Comment 9 errata-xmlrpc 2017-08-01 16:53:17 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2007

Note You need to log in before you can comment on or make changes to this bug.