[tor-bugs] #19130 [Core Tor/Tor]: Seg fault in round_int64_to_next_multiple_of()
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu May 19 19:21:52 UTC 2016
#19130: Seg fault in round_int64_to_next_multiple_of()
--------------------------+---------------------
Reporter: arma | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+---------------------
Comment (by asn):
Yawning suggests this is a signed int overflow that leads to an abort
because of ftrapv (#17983).
The overflow happens at:
{{{
if (INT64_MAX - divisor + 1 < number)
return INT64_MAX;
}}}
whose left side probably gets applied as `INT64_MAX + 1 - divisor`.
A potential fix here would be to reorder that if statement to:
{{{
if (INT64_MAX - number < divisor - 1)
return INT64_MAX;
}}}
maybe with an additional check that `divisor >= 1`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19130#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list