[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #30920 [Core Tor/Tor]: Detect uint64 overflow in config_parse_units()
#30920: Detect uint64 overflow in config_parse_units()
---------------------------+------------------------------------
Reporter: nickm | Owner: (none)
Type: defect | Status: new
Priority: Low | Milestone: Tor: 0.4.2.x-final
Component: Core Tor/Tor | Version:
Severity: Minor | Resolution:
Keywords: easy overflow | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
---------------------------+------------------------------------
Comment (by teor):
Replying to [comment:10 guigom]:
> First of all, sorry for the late reply
>
> Replying to [comment:9 nickm]:
> > > Is this the expected behavior, or should it fallback to UINT64_MAX?
> >
> > I think that's a better behavior for config_parse_memunit(). In the
case of config_parse_memunit(), it's better that the user be told about
the problem than to have us silently ignore their request.
>
> Understood, in that case is it ok to detect overflow inside
config_parse_memunit() by check if nowrap_multiplication yielded
UINTMAX_64? It seems quite strange in my opinion to specify such value
explicitly.
Maybe we should fail on anything larger than SSIZE_T_MAX?
(SSIZE_T_MAX is half the maximum possible memory size.)
> In addition to that I'm not sure if float multiplication should be
handled as well or this ticket should just focus on unsigned integer.
No, we don't have any critical code that uses float multiplication.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30920#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs