segtree: incorrect type when aggregating concatenated set ranges

Uncovered by the compound_expr_remove() replacement by type safe function
coming after this patch.

Add expression to the concatenation which is reachable via expr_value().

This bug is subtle, I could not spot any reproducible buggy behaviour
when using the wrong type when running the existing tests.

Fixes: 8ac2f3b2fca3 ("src: Add support for concatenated set ranges")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/segtree.c b/src/segtree.c
index 70b4416cf39bfb5f6ebd7ca46b6133df588fd181..fd77e03fbff520a1e44d466b2d4be17f03d2a78a 100644 (file)
--- a/src/segtree.c
+++ b/src/segtree.c
@@ -448,7 +448,7 @@ next:
                        mpz_clear(range);
 
                        r2 = list_entry(r2_next, typeof(*r2), list);
-                       compound_expr_remove(start, r1);
+                       compound_expr_remove(expr_value(start), r1);
 
                        if (free_r1)
                                expr_free(r1);