[tor-bugs] #4230 [Tor Client]: smartlist_ensure_capacity contains bogus overflow check
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Oct 14 18:38:01 UTC 2011
#4230: smartlist_ensure_capacity contains bogus overflow check
------------------------+---------------------------------------------------
Reporter: rransom | Owner:
Type: defect | Status: new
Priority: major | Milestone: Tor: 0.2.1.x-final
Component: Tor Client | Version:
Keywords: | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
In `smartlist_ensure_capacity`, in src/common/container.c:
{{{
if (size > sl->capacity) {
int higher = sl->capacity * 2;
while (size > higher)
higher *= 2;
tor_assert(higher > 0); /* detect overflow */
}}}
Overflow of a signed integer produces undefined results. I would be
surprised if GCC doesn't optimize this comparison out, just for the sake
of conjuring nasal demons at people who don't code with a copy of the C
‘standard’ at hand.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4230>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list