[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/master] Fix an integer overflow bug in the tv_mdiff range check
commit 2e51608a8b7d883f5e187ccc83ed871e248442c2
Author: teor (Tim Wilson-Brown) <teor2345@xxxxxxxxx>
Date: Wed Jun 29 12:53:50 2016 +1000
Fix an integer overflow bug in the tv_mdiff range check
The temporary second used for rounding can cause overflow,
depending on the order the compiler performs the operations.
---
src/common/util.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/common/util.c b/src/common/util.c
index 4b6df81..44994fb 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1394,6 +1394,7 @@ tv_udiff(const struct timeval *start, const struct timeval *end)
long udiff;
long secdiff = end->tv_sec - start->tv_sec;
+ /* end->tv_usec - start->tv_usec can be up to 1 second */
if (labs(secdiff)+1 > LONG_MAX/1000000) {
log_warn(LD_GENERAL, "comparing times on microsecond detail too far "
"apart: %ld seconds", secdiff);
@@ -1412,7 +1413,9 @@ tv_mdiff(const struct timeval *start, const struct timeval *end)
long mdiff;
long secdiff = end->tv_sec - start->tv_sec;
- if (labs(secdiff)+1 > LONG_MAX/1000) {
+ /* end->tv_usec - start->tv_usec can be up to 1 second,
+ * but the mdiff calculation adds another temporary second */
+ if (labs(secdiff)+2 > LONG_MAX/1000) {
log_warn(LD_GENERAL, "comparing times on millisecond detail too far "
"apart: %ld seconds", secdiff);
return LONG_MAX;
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits