BUG/MINOR: debug: fix pointer check in debug_parse_cli_task()

Task pointer check in debug_parse_cli_task() computes the theoric end
address of provided task pointer to check if it is valid or not thanks to
may_access() helper function.

However, relative ending address is calculated by adding task size to 't'
pointer (which is a struct task pointer), thus it will result to incorrect
address since the compiler automatically translates 't + x' to
't + x * sizeof(*t)' internally (with sizeof(*t) != 1 here).

Solving the issue by using 'ptr' (which is the void * raw address) as
starting address to prevent automatic address scaling.

This was revealed by coverity, see GH #2157.

No backport is needed, unless 9867987 ("DEBUG: cli: add "debug dev task"
to show/wake/expire/kill tasks and tasklets") gets backported.

diff --git a/src/debug.c b/src/debug.c
index 67711e14b50bf90631b23c0d4108f2c1ea3749c0..474a6647f0bd94211e61f87028aa547e1c135cbb 100644 (file)
--- a/src/debug.c
+++ b/src/debug.c
@@ -1004,7 +1004,7 @@ static int debug_parse_cli_task(char **args, char *payload, struct appctx *appct
        t = ptr;
        caller = t->caller;
        msg = NULL;
-       task_ok = may_access(t + sizeof(*t) - 1);
+       task_ok = may_access(ptr + sizeof(*t) - 1);
 
        chunk_reset(&trash);
        resolve_sym_name(&trash, NULL, (const void *)t->process);