From 87d9e5405a7e634b01031699ebb20fd02cb01db2 Mon Sep 17 00:00:00 2001
From: Kuan-Wei Chiu <visitorckw@gmail.com>
Date: Thu, 19 Dec 2024 02:09:57 +0800
Subject: [PATCH] http_aws_sigv4: Fix invalid compare function handling
 zero-length pairs

The compare_func() can violate the antisymmetric property required by
qsort. Specifically, when both aa->len == 0 and bb->len == 0, the
function returns conflicting results (-1 for compare_func(a, b) and -1
for compare_func(b, a)).

This violates the rules of qsort and may lead to undefined behavior,
including incorrect sorting or memory corruption in glibc [1].

Add a check to return 0 when both lengths are zero, ensuring proper
behavior and preventing undefined behavior in the sorting process.

Ref: https://www.qualys.com/2024/01/30/qsort.txt [1]

Closes #15778
---
 lib/http_aws_sigv4.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/http_aws_sigv4.c b/lib/http_aws_sigv4.c
index 1e67a3fbe9..c217d0d8e6 100644
--- a/lib/http_aws_sigv4.c
+++ b/lib/http_aws_sigv4.c
@@ -435,6 +435,8 @@ static int compare_func(const void *a, const void *b)
   const struct pair *aa = a;
   const struct pair *bb = b;
   /* If one element is empty, the other is always sorted higher */
+  if(aa->len == 0 && bb->len == 0)
+    return 0;
   if(aa->len == 0)
     return -1;
   if(bb->len == 0)