[tor-bugs] #18162 [Tor]: Potential heap corruption in smartlist_add(), smartlist_insert()
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jan 28 11:54:36 UTC 2016
#18162: Potential heap corruption in smartlist_add(), smartlist_insert()
-------------------------------------------------+-------------------------
Reporter: asn | Owner: nickm
Type: defect | Status:
Priority: High | needs_review
Component: Tor | Milestone: Tor:
Severity: Normal | 0.2.8.x-final
Keywords: security 025-backport 026-backport | Version:
027-backport 024-backport | Resolution:
Parent ID: | Actual Points:
Sponsor: | Points:
-------------------------------------------------+-------------------------
Comment (by asn):
Replying to [comment:5 nickm]:
> The branch `bug18162_024` in my public repository has a proposed fix for
this bug, along with a small family of related bugs. You can see the
patch here:
https://gitweb.torproject.org/nickm/tor.git/commit/?h=bug18162_024&id=bca7083e8285e8e6a4377076a7e432417eafc6d2
>
> Review would be much appreciated.
>
Thanks for the patch!
Looks reasonable, but oh my all this casting makes my brain hurt. This
casting approach was preferred over re-defining `sl->capacity` and
`sl->num_used` as `size_t`. Is this because you would then need to change
too many things on the rest of the codebase?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18162#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list