[tor-bugs] #4233 [Tor Client]: Exact addition/summation and memory allocation

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Jan 10 21:20:44 UTC 2012


#4233: Exact addition/summation and memory allocation
---------------------------+------------------------------------------------
 Reporter:  mansour        |          Owner:                    
     Type:  enhancement    |         Status:  needs_review      
 Priority:  normal         |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor Client     |        Version:                    
 Keywords:  small-feature  |         Parent:                    
   Points:                 |   Actualpoints:                    
---------------------------+------------------------------------------------
Changes (by nickm):

  * milestone:  Tor: 0.2.3.x-final => Tor: 0.2.4.x-final


Comment:

 So, the thing about asserting on a tor_malloc(0) seems wrong to me. A sum
 that could overflow to 0 could as easily overflow to 1, with equally poor
 consequences.

 Safe addition is a good idea; the overflow criteria here are wrong for our
 case, though, since we treat any value above SIZE_T_CEILING as a probable
 underflow.

 The varargs approach seems error-prone to me, since it can't be
 typechecked, and seems prone to doing weird things in cases where the
 arguments have any type besides size_t.  (For example, in the single
 example you give, the value "1" will get passed to the variadic function
 as an "int," which is signed and potentially smaller than size_t.)

 Since only one case (and that a safe one) is actually protected by this
 patch series, I'm going to defer it to the 0.2.4.x merge window.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4233#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
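
The points raised in the comment above, as an added example that is not part of the original message and is not Tor's code: a fixed-arity, size_t-typed checked addition that rejects anything above a ceiling, next to a check that only notices a wrap to exactly 0. EXAMPLE_SIZE_CEILING is an assumed stand-in for the SIZE_T_CEILING the comment names, and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-in for the SIZE_T_CEILING the comment mentions; the value
 * here is chosen for illustration and is not taken from Tor's headers. */
#define EXAMPLE_SIZE_CEILING ((size_t)(SIZE_MAX / 2 - 16))

/* Add two sizes. Returns 0 and stores the sum in *out on success, or -1 if
 * either operand or the sum is above the ceiling. Both operands are bounded
 * by the ceiling (< SIZE_MAX/2) before adding, so a + b cannot wrap. */
static int size_add_checked(size_t a, size_t b, size_t *out)
{
    if (a > EXAMPLE_SIZE_CEILING || b > EXAMPLE_SIZE_CEILING)
        return -1;
    if (a > EXAMPLE_SIZE_CEILING - b)
        return -1;
    *out = a + b;
    return 0;
}

/* Sum n sizes from an array: a typed alternative to a variadic sum.
 * Every element is a size_t, so a literal such as 1 is converted on entry. */
static int size_sum_checked(const size_t *v, size_t n, size_t *out)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (size_add_checked(total, v[i], &total) < 0)
            return -1;
    }
    *out = total;
    return 0;
}

/* A check that only notices a sum that wraps to exactly 0. */
static int wrapped_sum_is_zero(size_t a, size_t b)
{
    return (size_t)(a + b) == 0;
}

int main(void)
{
    size_t r = 0;
    size_t parts[] = { 16, 1, 4096 };   /* constructed sample sizes */
    printf("sum ok: %d\n", size_sum_checked(parts, 3, &r) == 0);
    printf("zero check sees wrap to 1: %d\n", wrapped_sum_is_zero(SIZE_MAX, 2));
    printf("ceiling check sees it: %d\n", size_add_checked(SIZE_MAX, 2, &r) < 0);
    return 0;
}
```

A negative value converted to size_t, such as (size_t)-1, lands above the ceiling and is rejected by the same test as an overflowed sum.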

