BUG/MEDIUM: quic: Floating point exception in cubic_root() It is illegal to call my_flsl() with 0 as parameter value. It is a UB. This leaded cubic_root() to divide values by 0 at this line: x = 2 * x + (uint32_t)(val / ((uint64_t)x * (uint64_t)(x - 1))); Thank you to Tristan971 for having reported this issue in GH #1808 and Willy for having spotted the root cause of this bug. Must follow any cubic for QUIC backport (2.6).

commit: 2c77a5eb8e614db4abdb335edd1872c6dc51ccf7 [log] [tgz]
author: Frédéric Lécaille <flecaille@haproxy.com> Wed Aug 03 12:49:30 2022 +0200
committer: Frédéric Lécaille <flecaille@haproxy.com> Wed Aug 03 14:27:20 2022 +0200
tree: a3a90c7846e40469a9549f5915e84dc7c628c5ab
parent: 8ddde4f05e1cc82209b6054fa8cfc4c4e0eb1788 [diff] [blame]
diff --git a/src/quic_cc_cubic.c b/src/quic_cc_cubic.c
index be48b6f..dc6ef9f 100644
--- a/src/quic_cc_cubic.c
+++ b/src/quic_cc_cubic.c

@@ -75,8 +75,7 @@
 		244,  245,  246,  248,  250,  251,  252,  254,
 	};
 
-	b = my_flsl(val);
-	if (b < 7) {
+	if (!val || (b = my_flsl(val)) < 7) {
 		/* val in [0..63] */
 		return ((uint32_t)v[(uint32_t)val] + 35) >> 6;
 	}
commit	2c77a5eb8e614db4abdb335edd1872c6dc51ccf7	[log] [tgz]
author	Frédéric Lécaille <flecaille@haproxy.com>	Wed Aug 03 12:49:30 2022 +0200
committer	Frédéric Lécaille <flecaille@haproxy.com>	Wed Aug 03 14:27:20 2022 +0200
tree	a3a90c7846e40469a9549f5915e84dc7c628c5ab
parent	8ddde4f05e1cc82209b6054fa8cfc4c4e0eb1788 [diff] [blame]