From b6a24a52a2efc597624521de752256a5c4ee5c5b Mon Sep 17 00:00:00 2001 From: Aurelien DARRAGON Date: Mon, 15 May 2023 11:59:08 +0200 Subject: [PATCH] BUG/MINOR: debug: fix pointer check in debug_parse_cli_task() Task pointer check in debug_parse_cli_task() computes the theoric end address of provided task pointer to check if it is valid or not thanks to may_access() helper function. However, relative ending address is calculated by adding task size to 't' pointer (which is a struct task pointer), thus it will result to incorrect address since the compiler automatically translates 't + x' to 't + x * sizeof(*t)' internally (with sizeof(*t) != 1 here). Solving the issue by using 'ptr' (which is the void * raw address) as starting address to prevent automatic address scaling. This was revealed by coverity, see GH #2157. No backport is needed, unless 9867987 ("DEBUG: cli: add "debug dev task" to show/wake/expire/kill tasks and tasklets") gets backported.
---
src/debug.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/debug.c b/src/debug.c
index 67711e14b..474a6647f 100644
--- a/src/debug.c
+++ b/src/debug.c
@@ -1004,7 +1004,7 @@ static int debug_parse_cli_task(char **args, char *payload, struct appctx *appct
 t = ptr;
 caller = t->caller;
 msg = NULL;
- task_ok = may_access(t + sizeof(*t) - 1);
+ task_ok = may_access(ptr + sizeof(*t) - 1);
 chunk_reset(&trash);
 resolve_sym_name(&trash, NULL, (const void *)t->process);
-- 2.47.3
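Review bot: The new `may_access(ptr + sizeof(*t) - 1)` line does byte arithmetic on what the commit message describes as a `void *`, which is a GNU extension rather than standard C; if the tree does not already rely on that extension, `task_ok = may_access((const char *)ptr + sizeof(*t) - 1);` yields the same address portably. A one-line comment above it, such as `/* byte offset from the raw address: 't + n' would scale by sizeof(*t) */`, would keep the original mistake from being reintroduced. The context lines also read `t->caller` before `task_ok` is computed and `t->process` right after it without testing it, so both fields must already be covered by a bounds check made earlier in debug_parse_cli_task(); that function starts and ends outside this hunk, so this is worth confirming against the full body.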