UBSan: Avoid size_t variable overflow in control interface

The loop "if (i-- == 0) break" style construction works in practice fine
since the check against 0 is done before decrementation. However, this
hits an UBSan warning, so split that decrementation to happen as a
separate step after the check and break from the loop.

ctrl_iface.c:5086:9: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'size_t' (aka 'unsigned long')

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2019-02-23 12:49:17 +02:00
parent ec2e7c4cfa
commit 01d01a311c

View file

@ -5083,10 +5083,11 @@ static int wpa_supplicant_ctrl_iface_bss(struct wpa_supplicant *wpa_s,
bss = NULL; bss = NULL;
dl_list_for_each(tmp, &wpa_s->bss_id, struct wpa_bss, list_id) dl_list_for_each(tmp, &wpa_s->bss_id, struct wpa_bss, list_id)
{ {
if (i-- == 0) { if (i == 0) {
bss = tmp; bss = tmp;
break; break;
} }
i--;
} }
} }