[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #24423 [Core Tor/Tor]: Fix STACK warnings in Tor

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #24423 [Core Tor/Tor]: Fix STACK warnings in Tor
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 11 Jan 2018 16:26:59 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 11 Jan 2018 11:27:25 -0500
In-reply-to: <045.3b8071d57e21114f92a3b7282333482b@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <045.3b8071d57e21114f92a3b7282333482b@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#24423: Fix STACK warnings in Tor
-----------------------------+------------------------------------
 Reporter:  nickm            |          Owner:  nickm
     Type:  defect           |         Status:  needs_revision
 Priority:  Medium           |      Milestone:  Tor: 0.3.3.x-final
Component:  Core Tor/Tor     |        Version:
 Severity:  Normal           |     Resolution:
 Keywords:  review-group-27  |  Actual Points:
Parent ID:                   |         Points:
 Reviewer:  catalyst         |        Sponsor:
-----------------------------+------------------------------------

Comment (by nickm):

 Here's the remaining issue:

 {{{
 bug: anti-dce
 model: |
   sw.default.i:
   %.b.i =3D load i1* @networkstatus_get_flavor_name.warning_logged__, !dbg
 !1116
   br i1 %.b.i, label %if.end.i, label %if.then.i, !dbg !1121, !macro !1123
 stack:
   -
 /home/thomas/Arbeit/hardening/stack/build36/tor_test/../../../../Tor/tor/src/or/networkstatus.c:2052:34
 ncore: 1
 core:
   -
 /home/thomas/Arbeit/hardening/stack/build36/tor_test/../../../../Tor/tor/src/or/networkstatus.c:2049:28
     - buffer overflow
 }}}

 and here's the code, with the lines marked.

 {{{
   for (i=0; i<N_CONSENSUS_FLAVORS; ++i) {
     consensus_waiting_for_certs_t *waiting =
 &consensus_waiting_for_certs[i];
     if (!waiting->consensus)
       continue;
     if (networkstatus_check_consensus_signature(waiting->consensus, 0)>=0)
 {
       char *waiting_body = waiting->body; // 2049
       if (!networkstatus_set_current_consensus(
                                  waiting_body,
                                  networkstatus_get_flavor_name(i), // 2052
                                  NSSET_WAS_WAITING_FOR_CERTS,
                                  source_dir)) {
         tor_free(waiting_body);
       }
     }
 }}}

 What's I think is happening here is that the compiler sees that
 `waiting->body` is computed, and so realizes that "i" must be in range 0
 <= i < N_CONSENSUS_FLAVORS.  This could be used to eliminate the assertion
 and default case in networkstatus_get_flavor_name() when it's inlined.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24423#comment:29>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #20218 [Core Tor/Tor]: Fix and refactor and redocument routerstatus_has_changed
Next by Author: Re: [tor-bugs] #25042 [Archived/Torouter]: Connecting to tor cuts my connection to the internet.
Previous by thread: Re: [tor-bugs] #24423 [Core Tor/Tor]: Fix STACK warnings in Tor
Next by thread: Re: [tor-bugs] #24423 [Core Tor/Tor]: Fix STACK warnings in Tor
Index(es):
- Author
- Thread