• Sven Eckelmann's avatar
    batman-adv: Fix integer overflow in batadv_iv_ogm_calc_tq · d285f52c
    Sven Eckelmann authored
    The undefined behavior sanatizer detected an signed integer overflow in a
    setup with near perfect link quality
    
        UBSAN: Undefined behaviour in net/batman-adv/bat_iv_ogm.c:1246:25
        signed integer overflow:
        8713350 * 255 cannot be represented in type 'int'
    
    The problems happens because the calculation of mixed unsigned and signed
    integers resulted in an integer multiplication.
    
          batadv_ogm_packet::tq (u8 255)
        * tq_own (u8 255)
        * tq_asym_penalty (int 134; max 255)
        * tq_iface_penalty (int 255; max 255)
    
    The tq_iface_penalty, tq_asym_penalty and inv_asym_penalty can just be
    changed to unsigned int because they are not expected to become negative.
    
    Fixes: c0398768 ("batman-adv: add WiFi penalty")
    Signed-off-by: default avatarSven Eckelmann <sven.eckelmann@open-mesh.com>
    Signed-off-by: default avatarMarek Lindner <mareklindner@neomailbox.ch>
    Signed-off-by: default avatarAntonio Quartulli <a@unstable.cc>
    d285f52c
bat_iv_ogm.c 62.4 KB