On Mon, Feb 27, 2023 at 10:59:40AM +0100, Stefano Brivio wrote:
> If there are no TCP options in the header, tcp_tap_handler() will
> pass the corresponding pointer, fetched via packet_get(), as NULL to
> tcp_conn_from_sock_finish(), which in turn indirectly calls
> tcp_opt_get().
> 
> If there are no options, tcp_opt_get() will stop right away because
> the option length is indicated as zero. However, if the logic is
> complicated enough to follow for static checkers, adding an explicit
> check against NULL in tcp_opt_get() is probably a good idea.
> 
> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>

> ---
>  tcp.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tcp.c b/tcp.c
> index 41210a3..561064e 100644
> --- a/tcp.c
> +++ b/tcp.c
> @@ -1114,7 +1114,7 @@ static int tcp_opt_get(const char *opts, size_t len, uint8_t type_find,
>  {
>  	uint8_t type, optlen;
>  
> -	if (!len)
> +	if (!opts || !len)
>  		return -1;
>  
>  	for (; len >= 2; opts += optlen, len -= optlen) {

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson