[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #27741 [Core Tor/Tor]: too many arguments in rust protover_compute_vote()



#27741: too many arguments in rust protover_compute_vote()
-------------------------------------------------+-------------------------
 Reporter:  cyberpunks                           |          Owner:  nickm
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.5.x-final
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.3.3.6
 Severity:  Normal                               |     Resolution:
 Keywords:  035-must, protover, memory-safety,   |  Actual Points:
  033-backport, 034-backport                     |
Parent ID:  #27739                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by teor):

 Replying to [comment:8 cyberpunks]:
 > If #27273 were fixed and there were rust + asan CI runs, would asan have
 probably caught this?

 Probably not:
 * ASAN monitors RAM accesses, and the first few arguments are almost
 always passed in registers
 * ASAN can only find out of bounds accesses past a certain number of
 bytes. 1 byte or 1 word might not be far enough.

 Here are some things that probably would have caught the bug:
 * using automated Rust to C function prototype generation (I'm sure we
 have a ticket for this, but I can't find it right now)
 * C to Rust unit tests (maybe depends on #25386?), if the values in the
 uninitialised register weren't always zero, or if the architecture poisons
 uninitialised registers
 * fuzzing C against Rust (#27229), if the values in the uninitialised
 register weren't always zero, or if the architecture poisons uninitialised
 registers

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27741#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs