[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #22789 [Core Tor/Tor]: Tor 0.3.1.4-alpha crash on OpenBSD-current
#22789: Tor 0.3.1.4-alpha crash on OpenBSD-current
-------------------------------------------------+-------------------------
Reporter: fredzupy | Owner:
Type: defect | Status:
| needs_review
Priority: High | Milestone: Tor:
| 0.3.1.x-final
Component: Core Tor/Tor | Version: Tor:
| 0.3.1.4-alpha
Severity: Major | Resolution:
Keywords: tor crash inet_pton c99 openbsd | Actual Points:
024-backport 025-backport 026-backport |
027-backport 028-backport 029-backport |
030-backport |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by catalyst):
Nothing in C99 7.20.1.4 explicitly says that a string starting with `0x`
should result in `nptr == *endptr` when `base == 16`.
It might be ambiguous about whether `0x` is an expected subject sequence
for `strtol` with `base == 16`. I think the ambiguity is whether the
subject sequence is `0` vs `0x`, rather than empty. 7.20.1.4p7 says `nptr
== *endptr` if the subject sequence "is empty or does not have the
expected form", but 7.20.1.4p4 defines the subject sequence as "the
longest initial subsequence of the input string, starting with the first
non-white-space character, that is of the expected form", so "not have the
expected form" is redundant because that is impossible for a subject
sequence as defined.
It goes on to say that the subject sequence is empty if "the input string
is empty or consists entirely of white space, or if the first non-white-
space character is other than a sign or a permissible letter or digit".
Neither of these is true for a string starting with `0x`, because `0` is a
permissible digit for `base == 16`.
This also brings up the question of whether a subject string can consist
of only a sign prefix. I think it can be, but the reference to 6.4.4.1
implies that is not true, at least for `base == 0`, because an ''integer-
constant'' cannot be empty.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22789#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs