smartlist functions contain bogus overflow checks
In smartlist_ensure_capacity, in src/common/container.c:

    if (size > sl->capacity) {
      int higher = sl->capacity * 2;
      while (size > higher)
        higher *= 2;
      tor_assert(higher > 0); /* detect overflow */
Overflow of a signed integer produces undefined results. I would be surprised if GCC doesn't optimize this comparison out, just for the sake of conjuring nasal demons at people who don't code with a copy of the C ‘standard’ at hand.
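As an added example (not Tor's code), a version of the same doubling loop that tests for overflow before each multiplication instead of asserting on the sign afterwards; the function name grow_capacity and the -1 failure sentinel are assumptions of this example.

```c
#include <limits.h>

/* Hypothetical helper mirroring the loop in smartlist_ensure_capacity:
 * double `capacity` until it reaches `size`. The difference from the
 * quoted code is that the overflow test runs *before* the multiply,
 * while every value is still in range. Signed overflow never happens,
 * so there is no undefined behaviour for the compiler to exploit and the
 * check cannot be legally optimised away.
 *
 * Returns the new capacity, or -1 if `size` cannot be reached without
 * the int overflowing (the caller should treat that as an allocation
 * failure rather than proceeding with a wrapped-around size). */
int grow_capacity(int capacity, int size)
{
    if (capacity < 1 || size < 0)
        return -1;              /* nonsensical inputs: refuse */
    if (size <= capacity)
        return capacity;        /* already big enough */

    int higher = capacity;
    while (size > higher) {
        /* INT_MAX / 2 is the largest value that can still be doubled. */
        if (higher > INT_MAX / 2)
            return -1;          /* doubling would overflow: stop here */
        higher *= 2;            /* safe: result is at most INT_MAX - 1 */
    }
    return higher;
}
```

GCC and Clang also provide __builtin_mul_overflow for the same purpose; the explicit division bound above is used here because it is portable to any C compiler.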