[tor-bugs] #4230 [Tor Client]: smartlist functions contain bogus overflow checks

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Sun Oct 16 22:57:30 UTC 2011


#4230: smartlist functions contain bogus overflow checks
------------------------+---------------------------------------------------
 Reporter:  rransom     |          Owner:                    
     Type:  defect      |         Status:  new               
 Priority:  major       |      Milestone:  Tor: 0.2.1.x-final
Component:  Tor Client  |        Version:                    
 Keywords:              |         Parent:                    
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------

Comment(by mansour):

 Replying to [comment:3 Sebastian]:
 > aren't we good here because we ensure that we're using 2s complement?

 If the assert had been within the while loop, perhaps.

 For example, if the variable size == INT_MAX/2+1, and sl->capacity ==
 size+1. The variable higher is assigned a negative off the bat; gets
 doubled; underflows; and the loop breaks. Then the assert passes
 essentially by accident.

 But that's just this particular instance.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4230#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list