[tor-commits] [tor/main] cc: Fix 32bit arithmetic to actually be 64bit

nickm at torproject.org nickm at torproject.org
Tue Oct 5 19:28:38 UTC 2021 

commit cdbf756b90b05fcf8211d6fea302652923af4171
Author: David Goulet <dgoulet at torproject.org>
Date:   Tue Oct 5 13:47:49 2021 -0400

    cc: Fix 32bit arithmetic to actually be 64bit
    
    Coverity report: CID 1492322
    
    ________________________________________________________________________________________________________
    *** CID 1492322:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
    /src/core/or/congestion_control_flow.c: 399 in circuit_process_stream_xon()
    393       }
    394
    395       log_info(LD_EDGE, "Got XON: %d", xon->kbps_ewma);
    396
    397       /* Adjust the token bucket of this edge connection with the drain rate in
    398        * the XON. Rate is in bytes from kilobit (kpbs). */
    >>>     CID 1492322:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
    >>>     Potentially overflowing expression "xon_cell_get_kbps_ewma(xon) * 1000U" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned).
    399       uint64_t rate = xon_cell_get_kbps_ewma(xon) * 1000;
    400       if (rate == 0 || INT32_MAX < rate) {
    401         /* No rate. */
    402         rate = INT32_MAX;
    403       }
    404       token_bucket_rw_adjust(&conn->bucket, (uint32_t) rate, (uint32_t) rate);
    
    Fixes #40478
    
    Signed-off-by: David Goulet <dgoulet at torproject.org>
---
 src/core/or/congestion_control_flow.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/core/or/congestion_control_flow.c b/src/core/or/congestion_control_flow.c
index 0c2baa96e2..9e0cd670c7 100644
--- a/src/core/or/congestion_control_flow.c
+++ b/src/core/or/congestion_control_flow.c
@@ -396,7 +396,7 @@ circuit_process_stream_xon(edge_connection_t *conn,
 
   /* Adjust the token bucket of this edge connection with the drain rate in
    * the XON. Rate is in bytes from kilobit (kpbs). */
-  uint64_t rate = xon_cell_get_kbps_ewma(xon) * 1000;
+  uint64_t rate = ((uint64_t) xon_cell_get_kbps_ewma(xon) * 1000);
   if (rate == 0 || INT32_MAX < rate) {
     /* No rate. */
     rate = INT32_MAX;

More information about the tor-commits mailing list