diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 9bd899e9898a..1ff6273b4e08 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1598,7 +1598,7 @@ struct pf_pdesc { #ifdef INET6 struct icmp6_hdr icmp6; #endif /* INET6 */ - char any[0]; + char any[0] __no_subobject_bounds; } hdr; struct pf_krule *nat_rule; /* nat/rdr rule applied to packet */ @@ -1918,6 +1918,7 @@ struct pfioc_qstats_v1 { * written entirely in terms of the v0 or v1 type. */ u_int32_t version; /* Requested version of stats struct */ + void *pad; }; /* Latest version of struct pfioc_qstats_vX */ diff --git a/sys/netpfil/pf/pf.h b/sys/netpfil/pf/pf.h index 16cc9c0c8580..7edf65505525 100644 --- a/sys/netpfil/pf/pf.h +++ b/sys/netpfil/pf/pf.h @@ -296,7 +296,7 @@ struct pf_addr { u_int8_t addr8[16]; u_int16_t addr16[8]; u_int32_t addr32[4]; - }; /* 128-bit address */ + } __no_subobject_bounds; /* 128-bit address */ }; #define PFI_AFLAG_NETWORK 0x01 diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c index 295377bef3e8..7c2802b7b3f6 100644 --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c @@ -1478,10 +1478,10 @@ pf_normalize_tcp(struct pfi_kkif *kif, struct mbuf *m, int ipoff, (tcp_get_flags(th) & (TH_RES1|TH_RES2|TH_RES2)) != 0) { u_int16_t ov, nv; - ov = *(u_int16_t *)(&th->th_ack + 1); + ov = *(u_int16_t *)(__unbounded_addressof(th->th_ack) + 1); flags &= ~(TH_RES1 | TH_RES2 | TH_RES3); tcp_set_flags(th, flags); - nv = *(u_int16_t *)(&th->th_ack + 1); + nv = *(u_int16_t *)(__unbounded_addressof(th->th_ack) + 1); th->th_sum = pf_proto_cksum_fixup(m, th->th_sum, ov, nv, 0); rewrite = 1;