commit b7566d465f0299e97b46f40d746a1203257245d4 Author: Nick Mathewson nickm@torproject.org Date: Fri Jul 14 13:56:40 2017 -0400

Fix a signed integer overflow in dir/download_status_random_backoff

Fix for 22924. Bugfix on 0.2.9.1-alpha when the test was introducd -- though it couldn't actually overflow until we fixed 17750.

Additionally, this only seems to overflow on 32-bit, and only when the compiler doesn't re-order the (possibly dead) assignment out of the way. We ran into it on a 32-bit ubuntu trusty builder. --- changes/bug22924 | 4 ++++ src/test/test_dir.c | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/changes/bug22924 b/changes/bug22924 new file mode 100644 index 0000000..e59fc72 --- /dev/null +++ b/changes/bug22924 @@ -0,0 +1,4 @@ + o Minor bugfies (tests): + - Fix a signed-integer overflow in the unit tests for + dir/download_status_random_backoff, which was untriggered until we + fixed bug 17750. Fixes bug 22924; bugfix on 0.2.9.1-alpha. diff --git a/src/test/test_dir.c b/src/test/test_dir.c index 53911e8..729ae64 100644 --- a/src/test/test_dir.c +++ b/src/test/test_dir.c @@ -3657,12 +3657,14 @@ download_status_random_backoff_helper(int min_delay, int max_delay) }

/* Advance */ - current_time += increment; ++(dls_random.n_download_attempts); ++(dls_random.n_download_failures);

/* Try another maybe */ old_increment = increment; + if (increment >= max_delay) + current_time += increment; + } while (increment < max_delay);

done: