[tor-bugs] #6853 [Tor Directory Authority]: Relay-flag voting code has undefined behaviour
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sat Sep 15 15:16:48 UTC 2012
#6853: Relay-flag voting code has undefined behaviour
-------------------------------------+--------------------------------------
Reporter: rransom | Owner: rransom
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.4.x-final
Component: Tor Directory Authority | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------------------+--------------------------------------
After Nick found and fixed #6833, the bughunter with many names pointed
out that the following code ''still'' has undefined behaviour, even with
`j` known to be less than the bit width of `*flags_out`:
{{{
*flags_out |= (1<<j);
}}}
The problem is that `1` has type `int`, so on platforms where `int` only
has 32 bits (i.e. almost all of them), this still tries to shift by more
than the width of the type in one fell swoop.
This undefined behaviour is probably lurking in everything that touches
this flags field, not just the parsing goo.
Marking as 0.2.4.x-only for now, but this should definitely be backported
to a future 0.2.3-da branch.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6853>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list