Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Fix a signed integer overflow in dir/download_status_random_backoff

Fix for 22924. Bugfix on 0.2.9.1-alpha when the test was introducd
-- though it couldn't actually overflow until we fixed 17750.

Additionally, this only seems to overflow on 32-bit, and only when
the compiler doesn't re-order the (possibly dead) assignment out of
the way.  We ran into it on a 32-bit ubuntu trusty builder.
Nick Mathewson 6 years ago
parent
527c0735f1
commit
b7566d465f
2 changed files with 7 additions and 1 deletions
Split View Show Diff Stats
  1. 4 0
      changes/bug22924
  2. 3 1
      src/test/test_dir.c

+ 4 - 0
changes/bug22924
View File 

@@ -0,0 +1,4 @@
 
+  o Minor bugfies (tests):
 
+    - Fix a signed-integer overflow in the unit tests for
 
+      dir/download_status_random_backoff, which was untriggered until we
 
+      fixed bug 17750.  Fixes bug 22924; bugfix on 0.2.9.1-alpha.

+ 3 - 1
src/test/test_dir.c
View File 

@@ -3657,12 +3657,14 @@ download_status_random_backoff_helper(int min_delay, int max_delay)
 
     }
 
 
     /* Advance */
 
-    current_time += increment;
 
     ++(dls_random.n_download_attempts);
 
     ++(dls_random.n_download_failures);
 
 
     /* Try another maybe */
 
     old_increment = increment;
 
+    if (increment >= max_delay)
 
+      current_time += increment;
 
+
 
   } while (increment < max_delay);
 
 
  done: