commit b7566d465f0299e97b46f40d746a1203257245d4
parent 527c0735f11d5a36aa1fb84dc30b624139ba8406
Author: Nick Mathewson <nickm@torproject.org>
Date: Fri, 14 Jul 2017 13:56:40 -0400
Fix a signed integer overflow in dir/download_status_random_backoff
Fix for 22924. Bugfix on 0.2.9.1-alpha when the test was introducd
-- though it couldn't actually overflow until we fixed 17750.
Additionally, this only seems to overflow on 32-bit, and only when
the compiler doesn't re-order the (possibly dead) assignment out of
the way. We ran into it on a 32-bit ubuntu trusty builder.
Diffstat:
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/changes/bug22924 b/changes/bug22924
@@ -0,0 +1,4 @@
+ o Minor bugfies (tests):
+ - Fix a signed-integer overflow in the unit tests for
+ dir/download_status_random_backoff, which was untriggered until we
+ fixed bug 17750. Fixes bug 22924; bugfix on 0.2.9.1-alpha.
diff --git a/src/test/test_dir.c b/src/test/test_dir.c
@@ -3657,12 +3657,14 @@ download_status_random_backoff_helper(int min_delay, int max_delay)
}
/* Advance */
- current_time += increment;
++(dls_random.n_download_attempts);
++(dls_random.n_download_failures);
/* Try another maybe */
old_increment = increment;
+ if (increment >= max_delay)
+ current_time += increment;
+
} while (increment < max_delay);
done:
