August 27, 2021 4:49 PM, "Dan Carpenter" <dan.carpenter@oracle.com> wrote:

> Hello Yajun Deng,
> 
> This is a semi-automatic email about new static checker warnings.

Can you test the attached?

Thanks.
> 
> The patch faf482ca196a: "net: ipv4: Move ip_options_fragment() out of 
> loop" from Aug 23, 2021, leads to the following Smatch complaint:
> 
> net/ipv4/ip_output.c:833 ip_do_fragment()
> warn: variable dereferenced before check 'iter.frag' (see line 828)
> 
> net/ipv4/ip_output.c
> 827 ip_fraglist_init(skb, iph, hlen, &iter);
> ^^^^^
> iter.frag is set here.
> 
> 828 ip_options_fragment(iter.frag);
> ^^^^^^^^^
> The patch introduces a new dereference here
> 
> 829 
> 830 for (;;) {
> 831 /* Prepare header of the next frame,
> 832 * before previous one went down. */
> 833 if (iter.frag) {
> ^^^^^^^^^
> But the old code assumed that "iter.frag" could be NULL.
> 
> 834 IPCB(iter.frag)->flags = IPCB(skb)->flags;
> 835 ip_fraglist_prepare(skb, &iter);
> 
> regards,
> dan carpenter