[tor-bugs] #31482 [Core Tor/Tor]: Avoid possible overflow when converting between coarse stamp to approx ms
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Aug 22 02:23:17 UTC 2019
#31482: Avoid possible overflow when converting between coarse stamp to approx ms
-------------------------+-------------------------------------------------
Reporter: teor | Owner: teor
Type: defect | Status: assigned
Priority: Medium | Milestone: Tor: 0.4.2.x-final
Component: Core | Version: Tor: 0.3.4.1-alpha
Tor/Tor | Keywords: 035-backport, 040-backport,
Severity: Normal | 041-backport
Actual Points: 0.5 | Parent ID:
Points: 1 | Reviewer:
Sponsor: |
-------------------------+-------------------------------------------------
Our coarse monotonic time conversion code can overflow on some platforms.
In particular, passing a large rate to a token bucket will overflow on
iOS, and any other platform where monotime.numerator^2^ /
monotime.denominator > 512.
I have a fix that makes sure that token bucket's
rate_per_sec_to_rate_per_sec() can't cause an overflow. I can do tests and
a changes file after nickm answers some of my remaining questions.
Gaba, this is a fix on a refactor for #25766, which was originally for
sponsor 8. Are refactor bug fixes covered by sponsor 31 now?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31482>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list