From 3eb6e723216460fcdc69d4324f5a996852cfc06d Mon Sep 17 00:00:00 2001 
From: Kirill Isakov Date: Wed, 25 May 2022 22:52:06 +0600 Subject: [PATCH] Fix UB pointer comparison in event.c ==36472==ERROR: AddressSanitizer: invalid-pointer-pair: 0x000000e9de00 0x608000000db0 #0 0x4d0658 in timeout_compare /home/runner/work/tinc/tinc/openssl3/../src/event.c:97:7 #1 0x55a3af in splay_top_down /home/runner/work/tinc/tinc/openssl3/../src/splay_tree.c:41:13 #2 0x559868 in splay_search_closest_node /home/runner/work/tinc/tinc/openssl3/../src/splay_tree.c:378:9 #3 0x55cd54 in splay_insert_node /home/runner/work/tinc/tinc/openssl3/../src/splay_tree.c:446:13 #4 0x4cecfc in timeout_set /home/runner/work/tinc/tinc/openssl3/../src/event.c:267:6 #5 0x4d3c49 in retry /home/runner/work/tinc/tinc/openssl3/../src/net.c:477:2 #6 0x53f274 in control_h /home/runner/work/tinc/tinc/openssl3/../src/control.c:96:3 #7 0x500a44 in receive_request /home/runner/work/tinc/tinc/openssl3/../src/protocol.c:180:7 #8 0x5485b2 in receive_meta /home/runner/work/tinc/tinc/openssl3/../src/meta.c:308:19 #9 0x4d1c18 in handle_meta_connection_data /home/runner/work/tinc/tinc/openssl3/../src/net.c:305:6 #10 0x4fa3cc in handle_meta_io /home/runner/work/tinc/tinc/openssl3/../src/net_socket.c:560:3 #11 0x4cfbe3 in event_loop /home/runner/work/tinc/tinc/openssl3/../src/event.c:453:5 #12 0x4d4127 in main_loop /home/runner/work/tinc/tinc/openssl3/../src/net.c:508:6 #13 0x4cbe24 in main /home/runner/work/tinc/tinc/openssl3/../src/tincd.c:702:11 #14 0x7f1900c1e082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) #15 0x41eafd in _start (/home/runner/work/tinc/tinc/openssl3/src/tincd+0x41eafd) 0x000000e9de00 is located 0 bytes inside of global variable 'pingtimer' defined in '../src/net.c:44:18' (0xe9de00) of size 80 0x608000000db0 is located 16 bytes inside of 96-byte region [0x608000000da0,0x608000000e00) allocated by thread T0 here: #0 0x499ed2 in calloc (/home/runner/work/tinc/tinc/openssl3/src/tincd+0x499ed2) #1 0x4fc6a9 in xzalloc 
/home/runner/work/tinc/tinc/openssl3/../src/xalloc.h:41:12 #2 0x4fbfb0 in try_outgoing_connections /home/runner/work/tinc/tinc/openssl3/../src/net_socket.c:855:27 #3 0x4d31ac in reload_configuration /home/runner/work/tinc/tinc/openssl3/../src/net.c:435:2 #4 0x53f2bd in control_h /home/runner/work/tinc/tinc/openssl3/../src/control.c:101:16 #5 0x500a44 in receive_request /home/runner/work/tinc/tinc/openssl3/../src/protocol.c:180:7 #6 0x5485b2 in receive_meta /home/runner/work/tinc/tinc/openssl3/../src/meta.c:308:19 #7 0x4d1c18 in handle_meta_connection_data /home/runner/work/tinc/tinc/openssl3/../src/net.c:305:6 #8 0x4fa3cc in handle_meta_io /home/runner/work/tinc/tinc/openssl3/../src/net_socket.c:560:3 #9 0x4cfbe3 in event_loop /home/runner/work/tinc/tinc/openssl3/../src/event.c:453:5 #10 0x4d4127 in main_loop /home/runner/work/tinc/tinc/openssl3/../src/net.c:508:6 #11 0x4cbe24 in main /home/runner/work/tinc/tinc/openssl3/../src/tincd.c:702:11 #12 0x7f1900c1e082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
---
 src/event.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/event.c b/src/event.c
index 56d8fa97..05ddb47f 100644
--- a/src/event.c
+++ b/src/event.c
@@ -60,11 +60,14 @@ static int timeout_compare(const timeout_t *a, const timeout_t *b) {
 return 1;
 }
- if(a < b) {
+ uintptr_t ap = (uintptr_t)a;
+ uintptr_t bp = (uintptr_t)b;
+
+ if(ap < bp) {
 return -1;
 }
- if(a > b) {
+ if(ap > bp) {
 return 1;
 }
--
2.20.1
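Review bot: The two `uintptr_t` casts in `timeout_compare` carry no comment saying why the tie-break no longer compares `a` and `b` directly, so a later cleanup could fold them back into the pointer comparison that the sanitizer rejected. I would add above the declarations `/* Order by address as integers: relational comparison of pointers into different objects is undefined. */`. The patch adds no `#include`, so `uintptr_t` presumably reaches event.c through an existing header that pulls in `<stdint.h>`; that is worth confirming on every supported platform, since the type is optional in the C standard. The function starts and ends outside this hunk, so the earlier time-based comparisons and the final return are not visible here.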