[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #19130 [Core Tor/Tor]: Seg fault in round_int64_to_next_multiple_of()
#19130: Seg fault in round_int64_to_next_multiple_of()
--------------------------+------------------------------
Reporter: arma | Owner:
Type: defect | Status: needs_review
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------
Changes (by asn):
* status: new => needs_review
Comment:
Let's move this forward. Please see my branch `bug19130` for the fix
suggested by teor in comment:3 .
It changes the check to:
{{{
if (INT64_MAX - divisor < number - 1)
return INT64_MAX;
}}}
Are there additional check that need to be added?
Also, should we fix the other `round_*_to_next_multiple_of()` functions
which have a similar pattern? They deal with unsigned integers where an
overflow is not UB; but maybe we should not cause overflows on purpose
anyway.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19130#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs