#24590 closed defect (fixed)

sched: Fix integer overflow for KIST

Reported by: dgoulet Owned by: dgoulet
Priority: High Milestone: Tor: 0.3.2.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-sched
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Ticket #24423 found a possible integer overflow with:

  tcp_space = (ent->cwnd - ent->unacked) * (int64_t)ent->mss;

... if we ever end up with cwnd being smaller than unacked. I've observed this on a relay leading to huge values for tcp_space which leads to the wrong TCP limit for the channel.

Any overflow should result in tcp_space = 0 in practice.

Child Tickets

Change History (3)

comment:1 Changed 16 months ago by dgoulet

Status: assignedmerge_ready

See branch: bug24590_032_01

(Exact same fixes as in #24423 but with added comments and changes file).

comment:2 Changed 16 months ago by nickm

Merged to 0.3.2 and forward.

comment:3 Changed 16 months ago by nickm

Resolution: fixed
Status: merge_readyclosed
Note: See TracTickets for help on using tickets.