[tor-bugs] #19130 [Core Tor/Tor]: Seg fault in round_int64_to_next_multiple_of()
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu May 19 22:21:31 UTC 2016
#19130: Seg fault in round_int64_to_next_multiple_of()
--------------------------+------------------------------
Reporter: arma | Owner:
Type: defect | Status: needs_review
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------
Changes (by asn):
* status: new => needs_review
Comment:
Let's move this forward. Please see my branch `bug19130` for the fix
suggested by teor in comment:3 .
It changes the check to:
{{{
if (INT64_MAX - divisor < number - 1)
return INT64_MAX;
}}}
Are there additional check that need to be added?
Also, should we fix the other `round_*_to_next_multiple_of()` functions
which have a similar pattern? They deal with unsigned integers where an
overflow is not UB; but maybe we should not cause overflows on purpose
anyway.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19130#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list