[tor-bugs] #30342 [Core Tor/Tor]: 9 dephects on prob_distr.c (April 2019)

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Apr 30 11:14:07 UTC 2019 

#30342: 9 dephects on prob_distr.c (April 2019)
------------------------------+---------------------------------
     Reporter:  asn           |      Owner:  (none)
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:  Tor: 0.4.1.x-final
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:  prob-distr coverity
Actual Points:                |  Parent ID:
       Points:  0.4           |   Reviewer:
      Sponsor:                |
------------------------------+---------------------------------
 Similar to #29805, coverity is again furious at prob distr:


 We got a bunch of these:

 {{{
 _____________________________________________________________________________________________
 *** CID 1444030:  Incorrect expression  (SIZEOF_MISMATCH)
 /src/test/test_prob_distr.c: 1254 in test_stochastic_weibull_impl()
 1248     }
 1249
 1250     static bool
 1251     test_stochastic_weibull_impl(double lambda, double k)
 1252     {
 1253       const struct weibull dist = {
 >>>     CID 1444030:  Incorrect expression  (SIZEOF_MISMATCH)
 >>>     Adding "0UL /* 0 * sizeof (&dist - (struct weibull const *)&dist)
 */" to pointer "&weibull_ops" of type "struct dist_ops const *" is
 >>> suspicious because adding an integral value to this pointer
 automatically scales that value by the size, 48 bytes, of the pointed-to
 type,
 >>> "struct dist_ops const".  Most likely, the multiplication by "sizeof
 (0L)" in this expression is extraneous and should be eliminated.
 1254         .base = WEIBULL(dist),
 1255         .lambda = lambda,
 1256         .k = k,
 1257       };
 1258
 1259     /*
 }}}

 and a bunch of these:

 {{{
 ________________________________________________________________________________________________
 *** CID 1415723:  Incorrect expression  (DIVIDE_BY_ZERO)
 /src/feature/client/circpathbias.c: 194 in pathbias_get_scale_ratio()
 188       (void) options;
 189       /**
 190        * The mult factor is the numerator for our scaling
 191        * of circuit counts for our path bias window. It
 192        * allows us to scale by fractions.
 193        */
 >>>     CID 1415723:  Incorrect expression  (DIVIDE_BY_ZERO)
 >>>     In expression "networkstatus_get_param(NULL, "pb_multfactor", 1,
 1, denominator) / (double)denominator", division by expression
 >>> "denominator" which may be zero has undefined behavior.
 194       return networkstatus_get_param(NULL, "pb_multfactor",
 195                                   1, 1,
 denominator)/((double)denominator);
 196     }
 197
 198     /** The minimum number of circuit usage attempts before we start
 199       * thinking about warning about path use bias and dropping guards
 */
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30342>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list