gnrc/rpl: fix incorrect addition overflow check

[szsam]

Contribution description

Checking for overflow of integer addition by comparing against one of the arguments of the addition does not work when the result of the addition is automatically promoted to a larger type.

Fix by using an explicit cast to make sure that the result of the addition is not implicitly converted to a larger type.

Testing procedure

make -C examples/gnrc_networking

Issues/PRs references

[maribu]

Thx for spotting this

[riot-ci]

Murdock results

✔️ PASSED

fe92f67 gnrc/rpl: fix incorrect addition overflow check

Success	Failures	Total	Runtime
6934	0	6934	10m:41s

Artifacts

• Documentation preview

[maribu]

bors merge

[maribu]

bors retry

[bors]

Already running a review

[maribu]

Already running a review

That's a lie :-(

bors cancel
bors merge

[bors]

Canceled.

[bors]

Build succeeded!

The publicly hosted instance of bors-ng is deprecated and will go away soon.

If you want to self-host your own instance, instructions are here.
For more help, visit the forum.

If you want to switch to GitHub's built-in merge queue, visit their help page.

• Murdock
• static-tests
• tools-build-success

[akulpillai]

Hi! I’m a student researcher working with @szsam. We have identified this patch as one for a security vulnerability.

Will a CVE be issued for this?

[Machiry]

Hello @maribu, @benpicco ,

My name is Aravind Machiry, Assistant Professor at Purdue's ECE Department.

Thank you for considering this pull request. This pull request was the result of our on-going research work (along with @szsam) to improve the security of open-source embedded projects.

In addition to scanning codebases with CodeQL, we are also doing a short (~4 minutes) survey to understand the use of static analysis tools like gcc -Wall and CodeQL in embedded software projects.

It would greatly benefit our research if you could fill this anonymous survey: https://purdue.ca1.qualtrics.com/jfe/form/SV_0OnXfr5plPe1QCa

Thank you,
Aravind