On Fri, Jun 13, 2025 at 05:40:20PM +0200, Phil Sutter wrote:
> On Fri, Jun 13, 2025 at 04:46:06PM +0200, Florian Westphal wrote:
> > Included bogo will cause a crash but this is the evaluation
> > stage where we can just emit an error instead.
> >
> > Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> > ---
> > I wonder if we should just replace all BUGs in evaluate.c
> > with expr_error() calls, it avoids constant whack-a-mole.

I think that can help uncover bugs, or are those json induced bugs?

> I guess the expectation was that bison catches these but I fear JSON
> parser has weakened that quite a bit.

It would be good to harden json parser to reject trivial nonsense, no
need to postpone this to the evaluation phase. If fuzzer can help in
that regard. I understand some issues can be more easily identified
from the evaluation step. I am not saying to only handle this from the
parser, I mean "it depends" on the issue.

> I wish libnftables to well-behave in error cases unless critical ones
> like ENOMEM.

Yes, I guess that's complementary to my request above.