
[tor-bugs] #6853 [Tor Directory Authority]: Relay-flag voting code has undefined behaviour



#6853: Relay-flag voting code has undefined behaviour
-------------------------------------+--------------------------------------
 Reporter:  rransom                  |          Owner:  rransom           
     Type:  defect                   |         Status:  new               
 Priority:  normal                   |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor Directory Authority  |        Version:                    
 Keywords:                           |         Parent:                    
   Points:                           |   Actualpoints:                    
-------------------------------------+--------------------------------------
 After Nick found and fixed #6833, the bughunter with many names pointed
 out that the following code ''still'' has undefined behaviour, even with
 `j` known to be less than the bit width of `*flags_out`:
 {{{
           *flags_out |= (1<<j);
 }}}

 The problem is that `1` has type `int`, so on platforms where `int` only
 has 32 bits (i.e. almost all of them), this still tries to shift by more
 than the width of the type in one fell swoop.

 This undefined behaviour is probably lurking in everything that touches
 this flags field, not just the parsing goo.

 Marking as 0.2.4.x-only for now, but this should definitely be backported
 to a future 0.2.3-da branch.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6853>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
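
The shift described in the ticket, next to a form that is evaluated in the width of the flags field. This is an added example, not code from the ticket or from Tor; the function names are hypothetical and `*flags_out` is assumed to be a `uint64_t`.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the flags field is 64 bits wide. */
#define FLAGS_BITS 64u

/* Pattern from the ticket. The literal 1 is an int, so the shift is done
 * in int no matter how wide *flags_out is. This wrapper refuses any j for
 * which the int shift is undefined instead of evaluating it. */
static int set_flag_int_shift(uint64_t *flags_out, unsigned j)
{
  if (j >= sizeof(int) * CHAR_BIT - 1)
    return -1;                      /* 1<<j would overflow or exceed int */
  *flags_out |= (1 << j);
  return 0;
}

/* Corrected pattern: give the constant the type of the field, so the
 * shift is done in 64 bits, and still bound j by the field width. */
static int set_flag_u64_shift(uint64_t *flags_out, unsigned j)
{
  if (j >= FLAGS_BITS)
    return -1;
  *flags_out |= (UINT64_C(1) << j);
  return 0;
}

static int flag_is_set(uint64_t flags, unsigned j)
{
  return j < FLAGS_BITS && ((flags >> j) & 1u) != 0;
}

int main(void)
{
  uint64_t a = 0, b = 0;
  unsigned j = 40;                  /* constructed input: valid for the field */
  int ra = set_flag_int_shift(&a, j);
  int rb = set_flag_u64_shift(&b, j);
  printf("int shift: rc=%d set=%d\n", ra, flag_is_set(a, j));
  printf("u64 shift: rc=%d set=%d\n", rb, flag_is_set(b, j));
  return 0;
}
```

Building with `-fsanitize=shift` (GCC and Clang) reports the original expression at run time when `j` reaches the width of `int`.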