[tor-bugs] #18162 [Tor]: Potential heap corruption in smartlist_add(), smartlist_insert()

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jan 29 14:34:07 UTC 2016


#18162: Potential heap corruption in smartlist_add(), smartlist_insert()
---------------------------------------------------------------------------
     Reporter:  asn
        Owner:  nickm
         Type:  defect
       Status:  needs_review
     Priority:  High
    Milestone:  Tor: 0.2.8.x-final
    Component:  Tor
      Version:
     Severity:  Normal
   Resolution:
     Keywords:  security 025-backport 026-backport 027-backport 024-backport
Actual Points:
    Parent ID:
       Points:
      Sponsor:
---------------------------------------------------------------------------

Comment (by cypherpunks):

 The value range of size_t can be smaller than int. This is likely true for
 some compilers targeting segmented memory models. It would be good to have
 a compile-time assert to check that.

 Integer types are allowed to have padding bits. Thus, the check:
 #if SIZEOF_SIZE_T > SIZEOF_INT
 doesn't necessarily do the right thing. Even if there is no hardware that
 has padding, there might be compiler versions in the future where it
 matters, e.g. if they want to attach state to track usage of variables.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18162#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
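
Added example, not part of the original comment and not Tor's code: a compile-time check that compares the value ranges of size_t and int through SIZE_MAX and INT_MAX instead of sizeof(), followed by a capacity calculation for an int-indexed pointer array that relies on it. The names MAX_INT_INDEXED_ELEMS and checked_capacity and the initial capacity of 16 are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Compare value ranges, not sizeof(): with padding bits a type can be
 * wider in bytes and still narrower in range. The build fails if some
 * non-negative int cannot be represented as a size_t. */
#if SIZE_MAX < INT_MAX
#error "size_t cannot represent every non-negative int"
#endif

/* Largest element count that is a valid int index and whose byte size
 * still fits in size_t (hypothetical helper). */
#define MAX_INT_INDEXED_ELEMS(elem_size)            \
  ((SIZE_MAX / (elem_size)) < (size_t)INT_MAX       \
     ? (SIZE_MAX / (elem_size))                     \
     : (size_t)INT_MAX)

/* Work out the capacity needed to hold `needed` pointers, doubling from
 * `current`. Returns 0 and fills the outputs, or -1 when the result
 * cannot be represented without wrapping. */
int
checked_capacity(int current, size_t needed, int *cap_out, size_t *bytes_out)
{
  const size_t max_elems = MAX_INT_INDEXED_ELEMS(sizeof(void *));
  size_t cap;

  if (current < 0 || (size_t)current > max_elems || needed > max_elems)
    return -1;
  cap = current > 0 ? (size_t)current : 16;
  while (cap < needed)                 /* double, but clamp, never wrap */
    cap = (cap > max_elems / 2) ? max_elems : cap * 2;
  *cap_out = (int)cap;                 /* safe: cap <= INT_MAX */
  *bytes_out = cap * sizeof(void *);   /* safe: cap <= SIZE_MAX / size */
  return 0;
}

int
main(void)
{
  int cap;
  size_t bytes;
  if (checked_capacity(16, 17, &cap, &bytes) == 0)
    printf("capacity %d, %lu bytes\n", cap, (unsigned long)bytes);
  if (checked_capacity(16, (size_t)INT_MAX + 1, &cap, &bytes) < 0)
    printf("request beyond the int index range rejected\n");
  return 0;
}
```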

