RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-01-01 01:32:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MEDIUM: quic: Floating point exception in cubic_root()

Browse Source 
It is illegal to call my_flsl() with 0 as parameter value. It is a UB.
This leaded cubic_root() to divide values by 0 at this line:

  x = 2 * x + (uint32_t)(val / ((uint64_t)x * (uint64_t)(x - 1)));

Thank you to Tristan971 for having reported this issue in GH #1808
and Willy for having spotted the root cause of this bug.

Must follow any cubic for QUIC backport (2.6).
This commit is contained in:
Frédéric Lécaille 2022-08-03 12:49:30 +02:00
parent 8ddde4f05e
commit 2c77a5eb8e
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/quic_cc_cubic.c
View File

@ -75,8 +75,7 @@ static uint32_t cubic_root(uint64_t val)
244, 245, 246, 248, 250, 251, 252, 254,
};
b = my_flsl(val);
if (b < 7) {
if (!val || (b = my_flsl(val)) < 7) {
/* val in [0..63] */
return ((uint32_t)v[(uint32_t)val] + 35) >> 6;
}