[tor-bugs] #27730 [Core Tor/Tor]: CID 1439330: "st.st_size > 9223372036854775807L" is always false
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Sep 17 23:58:23 UTC 2018
#27730: CID 1439330: "st.st_size > 9223372036854775807L" is always false
--------------------------+------------------------------------
Reporter: teor | Owner: nickm
Type: defect | Status: closed
Priority: Medium | Milestone: Tor: 0.3.5.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution: fixed
Keywords: coverity | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------------
Comment (by teor):
Replying to [comment:3 cyberpunks]:
> This check was completely redundant anyway, actually. There would be a
potential memory leak here, where buf is non-null but the length is
impossibly long, except it can't happen because even ignoring running out
of ram, `read_file_to_str()` calls a function that
[https://gitweb.torproject.org/tor.git/tree/src/lib/fs/files.c?id=f606b3cfd157dc52872e8b40a9a042861d9246e1#n186
makes the same check against SSIZE_MAX already.]
We don't mind a few redundant checks: they are a defence in depth. It's
easy to forget to do a size check.
Also, this cast might have unexpected results if off_t and ssize_t are
different types:
{{{
(ssize_t)st.st_size
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27730#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list