Re: [tor-bugs] #19130 [Core Tor/Tor]: Seg fault in round_int64_to_next_multiple_of()

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#19130: Seg fault in round_int64_to_next_multiple_of()
--------------------------+---------------------
 Reporter:  arma          |          Owner:
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+---------------------

Comment (by asn):

 Yawning suggests this is a signed int overflow that leads to an abort
 because of ftrapv (#17983).

 The overflow happens at:
 {{{
   if (INT64_MAX - divisor + 1 < number)
     return INT64_MAX;
 }}}
 whose left side probably gets applied as `INT64_MAX + 1 - divisor`.

 A potential fix here would be to reorder that if statement to:
 {{{
   if (INT64_MAX - number < divisor - 1)
     return INT64_MAX;
 }}}
 maybe with an additional check that `divisor >= 1`.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19130#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs