Skip to content

[ice] Fix unhandled overflow panic in listen_udp_in_port_range #719

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 22, 2025
Merged

[ice] Fix unhandled overflow panic in listen_udp_in_port_range #719

merged 1 commit into from
Aug 22, 2025

Conversation

@lucamuscat
Copy link
Contributor

@lucamuscat lucamuscat commented Aug 22, 2025

When port_start is assigned the value u16::MAX, and the socket cannot be bound to port u16::MAX, an unhandled overflow will occur.

When building webrtc-rs using the debug profile, this overflow will lead to a panic, and worse yet in the release profile, a silent overflow and wrap around will occur, allowing listen_udp_in_port_range to bind to a port outside of the specified port range.

@lucamuscat
[ice] Avoid unchecked incrementation of port number to avoid potentia…
286368a 
…l panic due to overflow in debug, or silent overflow in release

When `port_start` is assigned the value `u16::MAX`, and the socket
cannot be bound to port `u16::MAX`, an unhandled overflow will occur.

When building webrtc-rs using the debug profile, this overflow will lead
to a panic, and worse yet in the release profile, a silent overflow and
wrap around will occur, allowing `listen_udp_in_port_range` to bind to a
port outside of the specified port range.
@lucamuscat lucamuscat force-pushed the fix-potential-panic-in-listen-udp branch from 8e38cd0 to 286368a Compare August 22, 2025 13:17
lucamuscat
lucamuscat commented Aug 22, 2025
View reviewed changes
ice/src/util/mod.rs
};

port_current += 1;
port_current = port_current.checked_add(1).unwrap_or(i);
Copy link
Contributor Author

@lucamuscat lucamuscat Aug 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If an overflow were to occur when incrementing port_current, we should wrap around to port_min instead of panicing on debug or wrapping around to zero on release.

@rainliu rainliu merged commit 813b905 into webrtc-rs:master Aug 22, 2025
4 of 5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rainliu rainliu rainliu approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lucamuscat @rainliu