[tor-bugs] #18296 [Tor]: Potential integer overflow and memory corruption in smartlist_heapify
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Feb 18 16:44:29 UTC 2016
#18296: Potential integer overflow and memory corruption in smartlist_heapify
-------------------------+------------------------------------
Reporter: cypherpunks | Owner: nickm
Type: defect | Status: needs_review
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
-------------------------+------------------------------------
Comment (by nickm):
> I can't understand how returning yields a valid heap.
Remember, the only way that the heap property can be invalid is that the
value at idx may be larger than one or both of its children. If we reach
a value of idx that is too large to have any children, then we know that
the heap property cannot be violated.
I've tried to explain things a little better on the branch; does it make
more sense now?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18296#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list