
Re: [tor-bugs] #17682 [Tor]: safe_timer_diff is unsafe under wrapping



#17682: safe_timer_diff is unsafe under wrapping
------------------------------+------------------------------------
 Reporter:  teor              |          Owner:
     Type:  defect            |         Status:  new
 Priority:  Medium            |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor               |        Version:  Tor: unspecified
 Severity:  Normal            |     Resolution:
 Keywords:  regression, easy  |  Actual Points:
Parent ID:                    |         Points:  small
  Sponsor:                    |
------------------------------+------------------------------------

Comment (by teor):

 It would be great to implement and test this once, and then use it here,
 when we parse integers from strings, and perhaps in other locations
 that (attempt to) detect integer overflow.

 I can imagine us wanting the following behaviours:
 * saturate (clip to MIN/MAX) on over/underflow
 * fail on over/underflow
 * wrap on over/underflow (that is, a simple cast to a wide unsigned type)

 The `checked_add_1()` function in http://blog.regehr.org/archives/1139
 compiles efficiently on both clang and gcc; let's start with that as a
 base. (If we need to, we could implement it as a macro which expands into
 type-specific or outcome-specific functions.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17682#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
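As an added worked example, not code from the ticket, from Tor, or from the linked blog post: the check below follows the same shape as `checked_add_1()` (widen both operands, add in the wider type, compare the result against the narrow type's range) and extends it to the three outcomes listed in the comment: saturate, fail, and wrap. The function names (`checked_add_i32`, `checked_sub_i32`, `apply_policy`, the `ovf_policy_t` enum and the fixed-policy wrappers) are this example's own. The one point worth attention for anyone hardening such code is that signed overflow is undefined behaviour in C, so the "wrap" outcome must be computed in unsigned arithmetic rather than by letting the signed add overflow and then testing the result; a compiler is entitled to delete a check like `a + b < a` on signed operands.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Outcome policies for a signed 32-bit add/sub that leaves the int32_t range.
 * Hypothetical API for this example; Tor's own helpers are not shown here. */
typedef enum {
  OVF_WRAP,      /* two's-complement wrap, as (uint32_t)a + (uint32_t)b would */
  OVF_SATURATE,  /* clip to INT32_MIN / INT32_MAX */
  OVF_FAIL       /* leave *rp untouched and report failure */
} ovf_policy_t;

/* Shared tail of the checked_add_1() pattern: 'wide' is the exact result
 * computed in int64_t, 'wrapped' the same operation done in uint32_t.
 * Returns true if *rp was written. */
static bool apply_policy(int64_t wide, uint32_t wrapped, int32_t *rp,
                         ovf_policy_t policy) {
  if (wide >= INT32_MIN && wide <= INT32_MAX) {
    *rp = (int32_t)wide;          /* no overflow: every policy agrees */
    return true;
  }
  switch (policy) {
    case OVF_WRAP:
      /* Reinterpret the unsigned bit pattern; memcpy avoids the
       * implementation-defined unsigned->signed conversion. */
      memcpy(rp, &wrapped, sizeof *rp);
      return true;
    case OVF_SATURATE:
      *rp = (wide > INT32_MAX) ? INT32_MAX : INT32_MIN;
      return true;
    case OVF_FAIL:
    default:
      return false;               /* *rp deliberately untouched */
  }
}

/* a + b: the int64_t sum of two int32_t values can never overflow, so the
 * range comparison in apply_policy() is an exact overflow test. */
bool checked_add_i32(int32_t a, int32_t b, int32_t *rp, ovf_policy_t policy) {
  return apply_policy((int64_t)a + (int64_t)b,
                      (uint32_t)a + (uint32_t)b, rp, policy);
}

/* a - b, e.g. the "now - then" of a timer difference. */
bool checked_sub_i32(int32_t a, int32_t b, int32_t *rp, ovf_policy_t policy) {
  return apply_policy((int64_t)a - (int64_t)b,
                      (uint32_t)a - (uint32_t)b, rp, policy);
}

/* Fixed-policy wrappers (hypothetical names) of the kind the comment
 * suggests generating per outcome. */
int32_t add_saturating(int32_t a, int32_t b) {
  int32_t r; checked_add_i32(a, b, &r, OVF_SATURATE); return r;
}
int32_t add_wrapping(int32_t a, int32_t b) {
  int32_t r; checked_add_i32(a, b, &r, OVF_WRAP); return r;
}
int32_t sub_saturating(int32_t a, int32_t b) {
  int32_t r; checked_sub_i32(a, b, &r, OVF_SATURATE); return r;
}
int32_t sub_wrapping(int32_t a, int32_t b) {
  int32_t r; checked_sub_i32(a, b, &r, OVF_WRAP); return r;
}
/* True when the OVF_FAIL policy rejects a + b and leaves the output alone. */
bool add_fails(int32_t a, int32_t b) {
  int32_t r = 7;
  bool ok = checked_add_i32(a, b, &r, OVF_FAIL);
  return !ok && r == 7;
}

int main(void) {
  printf("INT32_MAX + 1 saturating: %d\n", add_saturating(INT32_MAX, 1));
  printf("INT32_MAX + 1 wrapping:   %d\n", add_wrapping(INT32_MAX, 1));
  printf("INT32_MIN - 1 saturating: %d\n", sub_saturating(INT32_MIN, 1));
  printf("INT32_MAX + 1 fails:      %s\n", add_fails(INT32_MAX, 1) ? "yes" : "no");
  return 0;
}
```

For a timer difference the saturating subtraction is the outcome that usually makes sense: a clock that has wrapped or jumped produces a clipped, still-ordered elapsed value rather than a huge negative one, and the caller can treat `INT32_MAX` as "too long". The widening approach needs a type twice as wide as the operand, so for a 64-bit `time_t` it would have to move to `__int128` where available or to the comparison-based checks from the same blog post.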