[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #18296 [Tor]: Potential integer overflow and memory corruption in smartlist_heapify
#18296: Potential integer overflow and memory corruption in smartlist_heapify
-------------------------+------------------------------------
Reporter: cypherpunks | Owner: nickm
Type: defect | Status: needs_review
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
-------------------------+------------------------------------
Comment (by nickm):
> I can't understand how returning yields a valid heap.
Remember, the only way that the heap property can be invalid is that the
value at idx may be larger than one or both of its children. If we reach
a value of idx that is too large to have any children, then we know that
the heap property cannot be violated.
I've tried to explain things a little better on the branch; does it make
more sense now?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18296#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs