trace: Avoid undefined behavior in backtrace search
authorJouni Malinen <quic_jouni@quicinc.com>
Tue, 25 Feb 2025 21:09:23 +0000 (23:09 +0200)
committerJouni Malinen <j@w1.fi>
Tue, 25 Feb 2025 22:21:38 +0000 (00:21 +0200)
Skip backtrace() returned addresses that are smaller than start_offset
to avoid overflowing pointer calculation.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
src/utils/trace.c

index 7c9a17ff8f7cbee02c90b52e748c3a3f12b28727..1ec226515c1930363e4397d394d61f0ade1e7e0d 100644 (file)
@@ -197,6 +197,8 @@ static void wpa_trace_bfd_addr(void *pc)
        if (abfd == NULL)
                return;
 
+       if (start_offset > (uintptr_t) pc)
+               return;
        data.pc = (uintptr_t) ((u8 *) pc - start_offset);
        data.found = FALSE;
        bfd_map_over_sections(abfd, find_addr_sect, &data);
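Review bot: The line after the new guard still does the subtraction as pointer arithmetic, `(u8 *) pc - start_offset`, which C only defines while the result stays inside the object `pc` points into. Since the guard already converts `pc` to `uintptr_t`, the offset can be computed in the integer domain as `data.pc = (uintptr_t) pc - start_offset;`, which is well defined once the guard has passed. The same pattern appears in the wpa_trace_bfd_addr2func and wpa_trace_calling_func hunks (there with `btrace_res[i]`). The declaration of start_offset is outside the hunk, so confirm it is an unsigned integer type no wider than uintptr_t; otherwise the comparison itself needs an explicit cast. The body of wpa_trace_bfd_addr starts and ends outside the hunk.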
@@ -238,6 +240,8 @@ static const char * wpa_trace_bfd_addr2func(void *pc)
        if (abfd == NULL)
                return NULL;
 
+       if (start_offset > (uintptr_t) pc)
+               return NULL;
        data.pc = (uintptr_t) ((u8 *) pc - start_offset);
        data.found = FALSE;
        bfd_map_over_sections(abfd, find_addr_sect, &data);
@@ -310,6 +314,8 @@ size_t wpa_trace_calling_func(const char *buf[], size_t len)
        for (i = 0; i < btrace_num; i++) {
                struct bfd_data data;
 
+               if (start_offset > (uintptr_t) btrace_res[i])
+                       continue;
                data.pc = (uintptr_t) ((u8 *) btrace_res[i] - start_offset);
                data.found = FALSE;
                bfd_map_over_sections(abfd, find_addr_sect, &data);
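Review bot: The `continue` added inside the loop drops a backtrace frame with no in-code explanation; the reason is recorded only in the commit message. A one-line comment above the check would keep the intent with the code, for example `/* Address is below start_offset; skip it so the subtraction below cannot wrap */`. Whether such frames always belong to a mapping other than the one described by abfd is not visible here, so any stronger wording should be confirmed against how start_offset is derived. The loop and the rest of wpa_trace_calling_func continue outside the hunk.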