[tor-bugs] #6877 [Core Tor/Tor]: Finally replace all char[] buffers with uint8_t[] buffers

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri May 26 20:11:36 UTC 2017


#6877: Finally replace all char[] buffers with uint8_t[] buffers
-------------------------------------------------+-------------------------
 Reporter:  nickm                                |          Owner:
     Type:  defect                               |         Status:  new
 Priority:  High                                 |      Milestone:  Tor:
                                                 |  unspecified
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-client tor-relay refactoring     |  Actual Points:
  technical-debt lots-of-work                    |
Parent ID:                                       |         Points:  10
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by catalyst):

 * cc: catalyst (added)


Comment:

 If we really want to avoid the aliasing problems we could use a typedef
 like u_char to abbreviate unsigned char.  It's 6 characters instead of 7
 (for uint8_t).  (Note that u_char might only be available on BSD-ish
 platforms.)

 My understanding is nothing in the C standard guarantees that uint8_t is
 unsigned char, but it is highly likely to be on POSIX platforms because
 POSIX requires uint8_t to exist.  It is theoretically possible that
 uint8_t is a distinct type from unsigned char on a POSIX platform, but
 that would be a very unusual implementation choice.  We should probably
 document (and test, if possible) this assumption if we choose to use
 uint8_t.

 Also, using unsigned char doesn't necessarily prevent all foreseeable
 signed arithmetic bugs in byte manipulation, because the integer
 promotions will promote unsigned char values to signed int on most
 platforms.  (OK fine some unusual platforms could have identically sized
 char and int.)  The fix for #6861 in
 96d2a21683cdfe25b549e13fa450d4b12fb945b2 still right-shifts a signed
 integer, just a nonnegative one.  That instance looks to be safe, but
 similar more complicated expressions could cause trouble.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6877#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
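The following C11 program is an added example and is not code from the ticket, from catalyst, or from Tor. It demonstrates the two points made in the comment above: a compile-time test of the assumption that uint8_t is the same type as unsigned char (using _Generic and _Static_assert, which are my choice of mechanism, not something the ticket proposes), and the integer promotion that turns unsigned char operands into signed int before arithmetic, including why a left shift of a promoted byte can overflow while the right shift mentioned in the comment stays safe. All function names and the sample byte array are hypothetical and constructed for the example.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

/* Compile-time test of the assumption that uint8_t is unsigned char.
 * _Generic selects an association by the type of its controlling
 * expression; if uint8_t were a distinct type, the default branch would
 * be chosen and the static assertion would fail the build. */
#define UINT8_IS_UNSIGNED_CHAR \
  _Generic((uint8_t){0}, unsigned char: 1, default: 0)
_Static_assert(UINT8_IS_UNSIGNED_CHAR, "uint8_t is not unsigned char");

/* Run-time form of the same check (hypothetical helper). */
int uint8_is_unsigned_char(void) { return UINT8_IS_UNSIGNED_CHAR; }

/* Integer promotion: `b + 0` has the promoted type of b. Wherever int can
 * represent every unsigned char value (every mainstream platform), that
 * type is the signed int, not unsigned int. */
int promoted_is_signed_int(void) {
  unsigned char b = 0;
  return _Generic(b + 0, int: 1, default: 0);
}

/* Constructed sample input: a big-endian word whose top bit is set. */
static const uint8_t kSample[4] = {0x80, 0x00, 0x00, 0x01};

/* Assemble a 32-bit big-endian word. The naive `buf[0] << 24` shifts the
 * promoted signed int; for buf[0] >= 0x80 the result is not representable
 * in int and the behaviour is undefined. Casting the operand to uint32_t
 * before the shift keeps the arithmetic unsigned. */
uint32_t get_uint32_be(const uint8_t *buf) {
  return ((uint32_t)buf[0] << 24) |
         ((uint32_t)buf[1] << 16) |
         ((uint32_t)buf[2] << 8) |
         ((uint32_t)buf[3]);
}

/* A right shift of a promoted byte is a shift of a signed int, but the
 * promoted value is never negative, so the result is well defined and
 * equal to the unsigned shift. This is the "safe instance" case. */
int right_shift_matches(void) {
  unsigned char b = 0xF0;
  int promoted = b >> 4;                      /* 0xF0 >> 4 == 15 */
  unsigned int unsigned_form = (unsigned int)b >> 4;
  return promoted == 15 && unsigned_form == 15u;
}

int main(void) {
  printf("uint8_t is unsigned char: %d\n", uint8_is_unsigned_char());
  printf("unsigned char promotes to int: %d\n", promoted_is_signed_int());
  printf("get_uint32_be(kSample) = 0x%08lx\n",
         (unsigned long)get_uint32_be(kSample));
  printf("right shift of promoted byte matches unsigned: %d\n",
         right_shift_matches());
  return 0;
}
```

The _Static_assert is the "document and test the assumption" step: a port to a platform where uint8_t is some other type fails at compile time instead of silently breaking the aliasing reasoning. The uint32_t casts show the general pattern for byte-to-word assembly, which is the class of expression the comment says can "cause trouble" once it gets more complicated than a single right shift.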