tor

The Tor anonymity network

commit cdbf756b90b05fcf8211d6fea302652923af4171
parent 6ada3be8f17ebc81352a3e44c4a92f8adff6bfee
Author: David Goulet <dgoulet@torproject.org>
Date:   Tue,  5 Oct 2021 13:47:49 -0400

cc: Fix 32bit arithmetic to actually be 64bit

Coverity report: CID 1492322

________________________________________________________________________________________________________
*** CID 1492322:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/src/core/or/congestion_control_flow.c: 399 in circuit_process_stream_xon()
393       }
394
395       log_info(LD_EDGE, "Got XON: %d", xon->kbps_ewma);
396
397       /* Adjust the token bucket of this edge connection with the drain rate in
398        * the XON. Rate is in bytes from kilobit (kpbs). */
>>>     CID 1492322:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "xon_cell_get_kbps_ewma(xon) * 1000U" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned).
399       uint64_t rate = xon_cell_get_kbps_ewma(xon) * 1000;
400       if (rate == 0 || INT32_MAX < rate) {
401         /* No rate. */
402         rate = INT32_MAX;
403       }
404       token_bucket_rw_adjust(&conn->bucket, (uint32_t) rate, (uint32_t) rate);

Fixes #40478

Signed-off-by: David Goulet <dgoulet@torproject.org>

Diffstat:
Msrc/core/or/congestion_control_flow.c | 2+-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/core/or/congestion_control_flow.c b/src/core/or/congestion_control_flow.c
@@ -396,7 +396,7 @@ circuit_process_stream_xon(edge_connection_t *conn,
 /* Adjust the token bucket of this edge connection with the drain rate in
 * the XON. Rate is in bytes from kilobit (kpbs). */
- uint64_t rate = xon_cell_get_kbps_ewma(xon) * 1000;
+ uint64_t rate = ((uint64_t) xon_cell_get_kbps_ewma(xon) * 1000);
 if (rate == 0 || INT32_MAX < rate) {
 /* No rate. */
 rate = INT32_MAX;
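Review bot: The widening cast on the `uint64_t rate` line is what makes the `INT32_MAX < rate` clamp below it effective, but nothing in the hunk says so, and the redundant outer parentheses make it easy to misread the cast as applying to the whole product. The `kbps_ewma` value appears to come from a received XON cell, so a 32-bit product would wrap before the clamp and pass an arbitrary rate to `token_bucket_rw_adjust()`. I would add `Widen before multiplying so an oversized advertised rate hits the clamp instead of wrapping.` to the comment and write the line as `uint64_t rate = (uint64_t) xon_cell_get_kbps_ewma(xon) * 1000;`. The existing comment also says "bytes from kilobit (kpbs)" while the code only multiplies by 1000, so the unit should be stated unambiguously and `kpbs` corrected. The body of circuit_process_stream_xon starts and ends outside the hunk.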