From ec2e7c4cfa171dca26977ce64953b289e2640794 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 23 Feb 2019 12:42:20 +0200 Subject: [PATCH] UBSan: Avoid unsigned integer overflow is throughput estimation wpa_scan_result_compar() would return wb->est_throughput - wa->est_throughput in case the comparison is done based on the throughput estimates. While the return value from this function is a signed integer, these est_throughput values are unsigned integers and need to be explicitly typecast to avoid an UBSan warning. scan.c:1996:30: runtime error: unsigned integer overflow: 54000 - 135000 cannot be represented in type 'unsigned int' Signed-off-by: Jouni Malinen --- wpa_supplicant/scan.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c index 727c49ad4..7abb028dd 100644 --- a/wpa_supplicant/scan.c +++ b/wpa_supplicant/scan.c @@ -1,6 +1,6 @@ /* * WPA Supplicant - Scanning - * Copyright (c) 2003-2014, Jouni Malinen + * Copyright (c) 2003-2019, Jouni Malinen * * This software may be distributed under the terms of the BSD license. * See README for more details. @@ -1993,7 +1993,8 @@ static int wpa_scan_result_compar(const void *a, const void *b) /* if SNR is close, decide by max rate or frequency band */ if (snr_a && snr_b && abs(snr_b - snr_a) < 7) { if (wa->est_throughput != wb->est_throughput) - return wb->est_throughput - wa->est_throughput; + return (int) wb->est_throughput - + (int) wa->est_throughput; } if ((snr_a && snr_b && abs(snr_b - snr_a) < 5) || (wa->qual && wb->qual && abs(wb->qual - wa->qual) < 10)) {