~hc/RK356X_SDK_RELEASE.git

..	..	@@ -243,12 +243,12 @@
243	243	int err;
244	244	struct net *net = dev_net(skb->dev);
245	245
246		- /* Only need dccph_dport & dccph_sport which are the first
247		- * 4 bytes in dccp header.
248		- * Our caller (icmp_socket_deliver()) already pulled 8 bytes for us.
249		- */
250		- BUILD_BUG_ON(offsetofend(struct dccp_hdr, dccph_sport) > 8);
251		- BUILD_BUG_ON(offsetofend(struct dccp_hdr, dccph_dport) > 8);
	246	+ if (!pskb_may_pull(skb, offset + sizeof(*dh)))
	247	+ return -EINVAL;
	248	+ dh = (struct dccp_hdr *)(skb->data + offset);
	249	+ if (!pskb_may_pull(skb, offset + __dccp_basic_hdr_len(dh)))
	250	+ return -EINVAL;
	251	+ iph = (struct iphdr *)skb->data;
252	252	dh = (struct dccp_hdr *)(skb->data + offset);
253	253
254	254	sk = __inet_lookup_established(net, &dccp_hashinfo,