[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #2320 [Tor Client]: var_cell_t with payload_len 0 risky

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #2320 [Tor Client]: var_cell_t with payload_len 0 risky
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Thu, 06 Jan 2011 15:41:40 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 06 Jan 2011 10:41:50 -0500
In-reply-to: <044.111eb78fc00e0afb3c39f0a816f6b25b@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bugs reporting list for trac <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.111eb78fc00e0afb3c39f0a816f6b25b@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#2320: var_cell_t with payload_len 0 risky
------------------------+---------------------------------------------------
 Reporter:  arma        |       Owner:                    
     Type:  defect      |      Status:  new               
 Priority:  normal      |   Milestone:  Tor: 0.2.2.x-final
Component:  Tor Client  |     Version:                    
 Keywords:              |      Parent:                    
------------------------+---------------------------------------------------

Comment(by nickm):

 malloc(0) is a special case.    In the original code, how is it possible
 for an error to occur if nothing actually dereferences cell->payload[0]  ?

 ----
 Perhaps we should bite a bullet here and use C99 flexible arrays where
 they are available, falling back to GCC 0-length arrays, and only then to
 offsetof-based tricks.  I'm not sure what that actually buys us other than
 making our code uglier, though.

 http://gcc.gnu.org/onlinedocs/gcc-4.1.2/gcc/Zero-Length.html

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2320#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #1795 [Tor Relay]: Prop 174: Optimistic Data for Tor: Server Side
Next by Author: Re: [tor-bugs] #2354 [arm]: arm crash on e in first screen
Previous by thread: Re: [tor-bugs] #2320 [Tor Client]: var_cell_t with payload_len 0 risky
Next by thread: Re: [tor-bugs] #2320 [Tor Client]: var_cell_t with payload_len 0 risky
Index(es):
- Author
- Thread