[tor-bugs] #19130 [Core Tor/Tor]: Seg fault in round_int64_to_next_multiple_of()
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu May 19 22:36:31 UTC 2016
#19130: Seg fault in round_int64_to_next_multiple_of()
--------------------------+--------------------------------
Reporter: arma | Owner:
Type: defect | Status: needs_revision
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: teor | Sponsor:
--------------------------+--------------------------------
Changes (by teor):
* status: needs_review => needs_revision
* reviewer: => teor
Comment:
`number - 1` can underflow if `number` is `INT64_MIN`.
So we need to skip the overflow check in that case.
How about:
{{{
if (number > INT64_MIN)
if (INT64_MAX - divisor < number - 1)
return INT64_MAX;
}}}
Otherwise this looks good, and yes, it would be sensible to explicitly
handle overflow and underflow, rather than leaving it to the whims of
compilers.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19130#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list