From 719940df2bdfbd0f5ee02a9ca404f345d2fc49e8 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 11 Feb 2013 16:40:48 -0500 Subject: Fix a nigh-impossible overflow in cpuworker.c When we compute the estimated microseconds we need to handle our pending onionskins, we could (in principle) overflow a uint32_t if we ever had 4 million pending onionskins before we had any data about how onionskins take. Nevertheless, let's compute it properly. Fixes bug 8210; bugfix on 0.2.4.10. Found by coverity; this is CID 980651. --- src/or/cpuworker.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/or/cpuworker.c b/src/or/cpuworker.c index 6b52f3b5d..444f17cd4 100644 --- a/src/or/cpuworker.c +++ b/src/or/cpuworker.c @@ -222,10 +222,10 @@ uint64_t estimated_usec_for_onionskins(uint32_t n_requests, uint16_t onionskin_type) { if (onionskin_type > MAX_ONION_HANDSHAKE_TYPE) /* should be impossible */ - return 1000 * n_requests; + return 1000 * (uint64_t)n_requests; if (PREDICT_UNLIKELY(onionskins_n_processed[onionskin_type] < 100)) { /* Until we have 100 data points, just asssume everything takes 1 msec. */ - return 1000 * n_requests; + return 1000 * (uint64_t)n_requests; } else { /* This can't overflow: we'll never have more than 500000 onionskins * measured in onionskin_usec_internal, and they won't take anything near -- cgit v1.2.3