From: Guy Harris <guy@alum.mit.edu>
Date: Thu, 18 Oct 2018 19:04:06 +0000 (-0700)
Subject: Catch another place where we divide by or take a modulus by zero.
X-Git-Tag: libpcap-1.10-bp~767
X-Git-Url: https://git.tcpdump.org/libpcap/commitdiff_plain/a463e82f5f0152c3c0d7cf1ebfa56d9b099f7fee

Catch another place where we divide by or take a modulus by zero.

Credit to OSS-Fuzz for finding this issue.
---

diff --git a/optimize.c b/optimize.c
index 2258a3c9..4c2a84c1 100644
--- a/optimize.c
+++ b/optimize.c
@@ -1144,9 +1144,17 @@ opt_stmt(compiler_state_t *cstate, opt_state_t *opt_state,
 		op = BPF_OP(s->code);
 		if (alter) {
 			if (s->k == 0) {
-				/* don't optimize away "sub #0"
+				/*
+				 * Optimize operations where the constant
+				 * is zero.
+				 *
+				 * Don't optimize away "sub #0"
 				 * as it may be needed later to
-				 * fixup the generated math code */
+				 * fixup the generated math code.
+				 *
+				 * Fail if we're dividing by zero or taking
+				 * a modulus by zero.
+				 */
 				if (op == BPF_ADD ||
 				    op == BPF_LSH || op == BPF_RSH ||
 				    op == BPF_OR || op == BPF_XOR) {
@@ -1158,6 +1166,12 @@ opt_stmt(compiler_state_t *cstate, opt_state_t *opt_state,
 					val[A_ATOM] = K(s->k);
 					break;
 				}
+				if (op == BPF_DIV)
+					opt_error(cstate, opt_state,
+					    "division by zero");
+				if (op == BPF_MOD)
+					opt_error(cstate, opt_state,
+					    "modulus by zero");
 			}
 			if (opt_state->vmap[val[A_ATOM]].is_const) {
 				fold_op(cstate, opt_state, s, val[A_ATOM], K(s->k));