commit 2a0a5fe6123bd87f996814991641cc404601ea55 Author: Nick Mathewson nickm@torproject.org Date: Thu Aug 21 10:19:26 2014 -0400
Explicitly cast when dividing ints then implicitly casting to double.
Coverity thinks that when we do "double x = int1/int2;", we probably meant "double x = ((double)int1) / int2;". In these cases, we didn't.
[Coverity CID 1232089 and 1232090] --- src/or/circuitstats.c | 4 +++- src/or/routerlist.c | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/or/circuitstats.c b/src/or/circuitstats.c
index 5cdd534..88a1f9b 100644
--- a/src/or/circuitstats.c
+++ b/src/or/circuitstats.c
@@ -1371,10 +1371,11 @@ circuit_build_times_network_check_changed(circuit_build_times_t *cbt)
 }
 cbt->liveness.after_firsthop_idx = 0;
+#define MAX_TIMEOUT ((int32_t) (INT32_MAX/2))
 /* Check to see if this has happened before. If so, double the timeout
 * to give people on abysmally bad network connections a shot at access */
 if (cbt->timeout_ms >= circuit_build_times_get_initial_timeout()) {
- if (cbt->timeout_ms > INT32_MAX/2 || cbt->close_ms > INT32_MAX/2) {
+ if (cbt->timeout_ms > MAX_TIMEOUT || cbt->close_ms > MAX_TIMEOUT) {
 log_warn(LD_CIRC, "Insanely large circuit build timeout value. " "(timeout = %fmsec, close = %fmsec)", cbt->timeout_ms, cbt->close_ms);
@@ -1386,6 +1387,7 @@ circuit_build_times_network_check_changed(circuit_build_times_t *cbt)
 cbt->close_ms = cbt->timeout_ms = circuit_build_times_get_initial_timeout();
 }
+#undef MAX_TIMEOUT
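Review bot: The new `MAX_TIMEOUT` define carries no comment saying that the integer division is deliberate, so the reason for the `(int32_t)` cast lives only in the commit message and the next static-analysis triage will have to rediscover it. A one-line comment above the define would record it, for example `/* Integer division is intended; the result is compared with timeout_ms and close_ms, which the log_warn below formats with %f. */`. The same gap applies to `SCALE_TO_U64_MAX` in src/or/routerlist.c, where the existing comment covers only the magnitude of the constant and not the cast. The body of circuit_build_times_network_check_changed() starts and ends outside this hunk, and the matching `#undef MAX_TIMEOUT` sits in the following hunk.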
cbt_control_event_buildtimeout_set(cbt, BUILDTIMEOUT_SET_EVENT_RESET);
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 12ed71d..14451c0 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -1809,7 +1809,7 @@ scale_array_elements_to_u64(u64_dbl_t *entries, int n_entries,
 double scale_factor;
 int i;
 /* big, but far away from overflowing an int64_t */
-#define SCALE_TO_U64_MAX (INT64_MAX / 4)
+#define SCALE_TO_U64_MAX ((int64_t) (INT64_MAX / 4))
for (i = 0; i < n_entries; ++i) total += entries[i].dbl;