[tor-bugs] #17682 [Tor]: safe_timer_diff is unsafe under wrapping
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Nov 25 04:57:49 UTC 2015
#17682: safe_timer_diff is unsafe under wrapping
------------------------+--------------------------------
Reporter: teor | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version: Tor: unspecified
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: small | Sponsor:
------------------------+--------------------------------
safe_timer_diff is meant to avoid overflow (or perhaps negative return
values) but doesn't. (It was introduced to tor 0.2.8.0-alpha-dev in
#3199.)
For example:
* safe_timer_diff(INT_MIN, INT_MAX) returns -1 on a system where
TIME_T_IS_SIGNED. It should return a (clipped) value representing the
largest integer difference possible, such as INT_MAX.
I'm sure there are equivalent issues where TIME_T_IS_UNSIGNED, but I can't
think of any right now.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17682>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list