[tor-commits] [tor/master] Fix integer overflow in cell stats spotted by atagar.

nickm at torproject.org nickm at torproject.org
Wed Jun 13 14:12:52 UTC 2012 

commit 2133b6e5ba0985aa7810edf2d9973470bc4c19da
Author: Karsten Loesing <karsten.loesing at gmx.net>
Date:   Mon May 14 14:30:04 2012 +0200

    Fix integer overflow in cell stats spotted by atagar.
    
    Fixes #5849.
---
 changes/bug5849  |    3 +++
 src/or/rephist.c |   14 ++++++++------
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/changes/bug5849 b/changes/bug5849
new file mode 100644
index 0000000..b6738a6
--- /dev/null
+++ b/changes/bug5849
@@ -0,0 +1,3 @@
+  o Minor bugfixes:
+    - Fix a (harmless) integer overflow in cell statistics reported by
+      some fast relays.  Fixes bug 5849; bugfix on 0.2.2.1-alpha.
diff --git a/src/or/rephist.c b/src/or/rephist.c
index ec5b846..341a5a3 100644
--- a/src/or/rephist.c
+++ b/src/or/rephist.c
@@ -2478,8 +2478,9 @@ char *
 rep_hist_format_buffer_stats(time_t now)
 {
 #define SHARES 10
-  int processed_cells[SHARES], circs_in_share[SHARES],
-      number_of_circuits, i;
+  uint64_t processed_cells[SHARES];
+  uint32_t circs_in_share[SHARES];
+  int number_of_circuits, i;
   double queued_cells[SHARES], time_in_queue[SHARES];
   smartlist_t *processed_cells_strings, *queued_cells_strings,
               *time_in_queue_strings;
@@ -2494,8 +2495,8 @@ rep_hist_format_buffer_stats(time_t now)
   tor_assert(now >= start_of_buffer_stats_interval);
 
   /* Calculate deciles if we saw at least one circuit. */
-  memset(processed_cells, 0, SHARES * sizeof(int));
-  memset(circs_in_share, 0, SHARES * sizeof(int));
+  memset(processed_cells, 0, SHARES * sizeof(uint64_t));
+  memset(circs_in_share, 0, SHARES * sizeof(uint32_t));
   memset(queued_cells, 0, SHARES * sizeof(double));
   memset(time_in_queue, 0, SHARES * sizeof(double));
   if (!circuits_for_buffer_stats)
@@ -2523,8 +2524,9 @@ rep_hist_format_buffer_stats(time_t now)
   time_in_queue_strings = smartlist_new();
   for (i = 0; i < SHARES; i++) {
     smartlist_add_asprintf(processed_cells_strings,
-                           "%d", !circs_in_share[i] ? 0 :
-                              processed_cells[i] / circs_in_share[i]);
+                           U64_FORMAT, !circs_in_share[i] ? 0 :
+                           U64_PRINTF_ARG(processed_cells[i] /
+                           circs_in_share[i]));
   }
   for (i = 0; i < SHARES; i++) {
     smartlist_add_asprintf(queued_cells_strings, "%.2f",

More information about the tor-commits mailing list