BUG/MEDIUM: quic: Floating point exception in cubic_root()

It is illegal to call my_flsl() with 0 as parameter value. It is a UB.
This leaded cubic_root() to divide values by 0 at this line:

  x = 2 * x + (uint32_t)(val / ((uint64_t)x * (uint64_t)(x - 1)));

Thank you to Tristan971 for having reported this issue in GH #1808
and Willy for having spotted the root cause of this bug.

Must follow any cubic for QUIC backport (2.6).

diff --git a/src/quic_cc_cubic.c b/src/quic_cc_cubic.c
index be48b6fee0adb5a7cb65413a1ba0eb8e80a17907..dc6ef9fc0e75d3354e5fca016308ef4821a00981 100644 (file)
--- a/src/quic_cc_cubic.c
+++ b/src/quic_cc_cubic.c
@@ -75,8 +75,7 @@ static uint32_t cubic_root(uint64_t val)
                244,  245,  246,  248,  250,  251,  252,  254,
        };
 
-       b = my_flsl(val);
-       if (b < 7) {
+       if (!val || (b = my_flsl(val)) < 7) {
                /* val in [0..63] */
                return ((uint32_t)v[(uint32_t)val] + 35) >> 6;
        }