Opened 9 years ago

Closed 9 years ago

Last modified 7 years ago

#2321 closed defect (fixed)

sketchy integer casting in circuit_build_times_shuffle_and_store_array

Reported by: arma Owned by:
Priority: Low Milestone: Tor: 0.2.2.x-final
Component: Core Tor/Tor Version: Tor: 0.2.2.19-alpha
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

In circuit_build_times_parse_state() we have

  uint32_t loaded_cnt

which we increment as we read each line. Then we

  circuit_build_times_shuffle_and_store_array(cbt, loaded_times, loaded_cnt);

and circuit_build_times_shuffle_and_store_array() receives its third argument as "int num_times".

I don't think there are actual problems here (yet), because we have several checks, like

  if (loaded_cnt != state->TotalBuildTimes) {

But handing a uint32_t into an int should be avoided.

Reported by doors.

Child Tickets

Change History (6)

comment:1 Changed 9 years ago by nickm

Milestone: Tor: 0.2.2.x-final

comment:2 Changed 9 years ago by nickm

Status: newneeds_review

See branch bug2321 in my public repository.

comment:3 Changed 9 years ago by Sebastian

Patch looks fine. This bug was reported by arma and rransom hasn't commented here yet, did you mean arma in your commit message?

comment:4 Changed 9 years ago by nickm

oops; yes I did.

comment:5 Changed 9 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

fixed message + merged; thanks!

comment:6 Changed 7 years ago by nickm

Component: Tor ClientTor
Note: See TracTickets for help on using tickets.