UBSan: Avoid unsigned integer overflow is throughput estimation

wpa_scan_result_compar() would return wb->est_throughput -
wa->est_throughput in case the comparison is done based on the
throughput estimates. While the return value from this function is a
signed integer, these est_throughput values are unsigned integers and
need to be explicitly typecast to avoid an UBSan warning.

scan.c:1996:30: runtime error: unsigned integer overflow: 54000 - 135000 cannot be represented in type 'unsigned int'

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c
index 727c49ad4da9634061858aba5ab9d9657ebfdd24..7abb028dd34448ca0b5978382613d95012dcae0f 100644 (file)
--- a/wpa_supplicant/scan.c
+++ b/wpa_supplicant/scan.c
@@ -1,6 +1,6 @@
 /*
  * WPA Supplicant - Scanning
- * Copyright (c) 2003-2014, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
  *
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
@@ -1993,7 +1993,8 @@ static int wpa_scan_result_compar(const void *a, const void *b)
        /* if SNR is close, decide by max rate or frequency band */
        if (snr_a && snr_b && abs(snr_b - snr_a) < 7) {
                if (wa->est_throughput != wb->est_throughput)
-                       return wb->est_throughput - wa->est_throughput;
+                       return (int) wb->est_throughput -
+                               (int) wa->est_throughput;
        }
        if ((snr_a && snr_b && abs(snr_b - snr_a) < 5) ||
            (wa->qual && wb->qual && abs(wb->qual - wa->qual) < 10)) {