If auto-merge is enabled, skip check for element mismatch introduced by
6d1ee9267e7e ("intervals: check for EXPR_F_REMOVE in case of element
mismatch"), which is only relevant to sets with no auto-merge.
The interval adjustment routine for auto-merge already checks for
unexisting intervals in that case.
Uncovered via ASAN:
0x60d00000014c is located 60 bytes inside of 144-byte region [0x60d000000110,0x60d0000001a0)
freed by thread T0 here:
#0 0x7fbdb7eae507 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
#1 0x7fbdb741a01e in xfree /home/pablo/devel/scm/git-netfilter/nftables/src/utils.c:29
#2 0x7fbdb7304473 in expr_free /home/pablo/devel/scm/git-netfilter/nftables/src/expression.c:98
#3 0x7fbdb7391fdd in adjust_elem_left /home/pablo/devel/scm/git-netfilter/nftables/src/intervals.c:304
#4 0x7fbdb73939e1 in setelem_adjust /home/pablo/devel/scm/git-netfilter/nftables/src/intervals.c:359
Fixes: 6d1ee9267e7e ("intervals: check for EXPR_F_REMOVE in case of element mismatch")
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
src/intervals.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/intervals.c b/src/intervals.c
index 13009ca1b888..95e25cf09662 100644
--- a/src/intervals.c
+++ b/src/intervals.c
@@ -416,11 +416,12 @@ static int setelem_delete(struct list_head *msgs, struct set *set,
list_del(&i->list);
expr_free(i);
}
- } else if (set->automerge &&
- setelem_adjust(set, purge, &prev_range, &range, prev, i) < 0) {
- expr_error(msgs, i, "element does not exist");
- err = -1;
- goto err;
+ } else if (set->automerge) {
+ if (setelem_adjust(set, purge, &prev_range, &range, prev, i) < 0) {
+ expr_error(msgs, i, "element does not exist");
+ err = -1;
+ goto err;
+ }
} else if (i->flags & EXPR_F_REMOVE) {
expr_error(msgs, i, "element does not exist");
err = -1;
--
2.30.2
