[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #18162 [Tor]: Potential heap corruption in smartlist_add(), smartlist_insert()
#18162: Potential heap corruption in smartlist_add(), smartlist_insert()
-------------------------------------------------+-------------------------
Reporter: asn | Owner: nickm
Type: defect | Status:
Priority: High | needs_review
Component: Tor | Milestone: Tor:
Severity: Normal | 0.2.8.x-final
Keywords: security 025-backport 026-backport | Version:
027-backport 024-backport | Resolution:
Parent ID: | Actual Points:
Sponsor: | Points:
-------------------------------------------------+-------------------------
Comment (by nickm):
> The value range of size_t can be smaller than int.
> Integer types are allowed to have padding bits.
I'd be fine with compile-time fixes for both of these. How about
something like
{{{
#if SIZE_MAX < INT_MAX
#error
#endif
}}}
for the first one, and something like
{{{
#if SIZE_MAX/SIZEOF_VOID_P > INT_MAX
...
#endif
}}}
for the second ?
(I do not expect to start supporting segmented memory models or weird
padded ints.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18162#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs