Re: [tor-bugs] #17983 [Tor]: Build tor with -fwrapv by default
#17983: Build tor with -fwrapv by default
-------------------------+------------------------------------
Reporter: teor | Owner:
Type: enhancement | Status: new
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
-------------------------+------------------------------------
Comment (by teor):
Replying to [comment:6 nickm]:
> I've just heard an alternative proposal: that we should build (most of?)
> Tor with -ftrapv rather than -fwrapv.
>
> Rationale: Chandler from the LLVM project looked at wrapping signed
> arithmetic in some really huge codebases, to see if there was much buggy
> code that assumed that wrapping would happen. What he found instead: that
> in (nearly?) every case, no overflow behavior would have been correct: the
> code was buggy for any possible semantics of signed overflow. In these
> cases, using -fwrapv turns buggy undefined behavior into other buggy (but
> defined) behavior, rather than making any code correct.
>
I think this is an excellent idea!
In 0.2.6 and 0.2.7, I built with -ftrapv regularly, and reported the
resulting integer overflow issues as they crashed my tor instances.
However, -ftrapv might cause crashes in 0.2.8-stable if we don't test it
well enough.
It's also worth noting that --enable-gcc-hardening and the hardened Tor
Browser series both build with -fwrapv. Maybe we should come up with a
consistent approach?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17983#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
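
Added example (not part of the original message and not Tor code): a constructed bounds check showing the point quoted above, that wrapping gives a defined but still wrong answer, next to a check that relies on no overflow semantics at all. The function names and values are assumptions made for illustration; wrapping is emulated with unsigned arithmetic so the block behaves the same under any build flags, whereas a plain `offset + len` built with -ftrapv would abort at the addition instead of returning.

```c
/* Added illustration; names and values are constructed, not Tor code. */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Emulates the result -fwrapv defines for signed addition: two's-complement
 * wrap. Done through unsigned arithmetic so there is no undefined behavior
 * here (the conversion back to int is implementation-defined; GCC and Clang
 * reduce modulo 2^N). */
static int wrapping_add(int a, int b)
{
    return (int)((unsigned)a + (unsigned)b);
}

/* Buggy bounds check: assumes offset + len cannot overflow.
 * With wrapping semantics a huge len gives a negative end, which passes. */
bool range_ok_wrapping(int offset, int len, int cap)
{
    int end = wrapping_add(offset, len);
    return offset >= 0 && len >= 0 && end <= cap;
}

/* Corrected check: detect the overflow and reject the input, so the result
 * does not depend on wrap, trap, or undefined behavior. */
bool range_ok_checked(int offset, int len, int cap)
{
    int end;
    if (offset < 0 || len < 0)
        return false;
    if (__builtin_add_overflow(offset, len, &end)) /* GCC/Clang builtin */
        return false;
    return end <= cap;
}

int main(void)
{
    /* Constructed input: a length close to INT_MAX against a 4096-byte cap. */
    printf("wrapping check accepts: %d\n", range_ok_wrapping(100, INT_MAX, 4096));
    printf("checked check accepts:  %d\n", range_ok_checked(100, INT_MAX, 4096));
    return 0;
}
```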