[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #2321 [Tor Client]: sketchy integer casting in circuit_build_times_shuffle_and_store_array
#2321: sketchy integer casting in circuit_build_times_shuffle_and_store_array
------------------------+---------------------------------------------------
Reporter: arma | Owner:
Type: defect | Status: new
Priority: minor | Milestone:
Component: Tor Client | Version: Tor: 0.2.2.19-alpha
Keywords: | Parent:
------------------------+---------------------------------------------------
In circuit_build_times_parse_state() we have
{{{
uint32_t loaded_cnt
}}}
which we increment as we read each line. Then we
{{{
circuit_build_times_shuffle_and_store_array(cbt, loaded_times,
loaded_cnt);
}}}
and circuit_build_times_shuffle_and_store_array() receives its third
argument as "int num_times".
I don't think there are actual problems here (yet), because we have
several checks, like
{{{
if (loaded_cnt != state->TotalBuildTimes) {
}}}
But handing a uint32_t into an int should be avoided.
Reported by doors.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2321>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs