Fix ubsan error in EphemeralKeyExchangeCipherGroups::Update
In the current code the end iterator of a vector can be passed to the
single-argument variant of std::vector::erase, which is not allowed.
When removing elements using std::remove_if we need to use the two-arg
variant instead.
Detected via the EphemeralKeyExchangeCipherGroupsTest.Update test case
which triggered a nullptr-with-nonzero-offset ubsan error under OpenSSL.
Bug: webrtc:404763475
Change-Id: I9f2a28608c4bc7142783c94c0f931ac91ee43132
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/402643
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Joachim Reiersen <joachimr@meta.com>
Reviewed-by: Jonas Oreland <jonaso@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#45285}
diff --git a/api/crypto/crypto_options.cc b/api/crypto/crypto_options.cc
index c83e110..4c2d49c 100644
--- a/api/crypto/crypto_options.cc
+++ b/api/crypto/crypto_options.cc
@@ -127,16 +127,22 @@
field_trials);
// Remove all disabled.
if (disabled_groups) {
- default_groups.erase(std::remove_if(
- default_groups.begin(), default_groups.end(), [&](uint16_t val) {
- return std::find(disabled_groups->begin(), disabled_groups->end(),
- val) != disabled_groups->end();
- }));
- enabled_.erase(
- std::remove_if(enabled_.begin(), enabled_.end(), [&](uint16_t val) {
- return std::find(disabled_groups->begin(), disabled_groups->end(),
- val) != disabled_groups->end();
- }));
+ default_groups.erase(
+ std::remove_if(default_groups.begin(), default_groups.end(),
+ [&](uint16_t val) {
+ return std::find(disabled_groups->begin(),
+ disabled_groups->end(),
+ val) != disabled_groups->end();
+ }),
+ default_groups.end());
+ enabled_.erase(std::remove_if(enabled_.begin(), enabled_.end(),
+ [&](uint16_t val) {
+ return std::find(disabled_groups->begin(),
+ disabled_groups->end(),
+ val) !=
+ disabled_groups->end();
+ }),
+ enabled_.end());
}
// Add those enabled by field-trials first.
