tor/changes/bug18162
Nick Mathewson bca7083e82 avoid integer overflow in and around smartlist_ensure_capacity.
This closes bug 18162; bugfix on a45b131590, which fixed a related
issue long ago.

In addition to the #18162 issues, this fixes a signed integer overflow
in smarltist_add_all(), which is probably not so great either.
2016-01-27 12:32:41 -05:00

8 lines
295 B
Plaintext

o Major bugfixes (security, pointers):
- Avoid a difficult-to-trigger heap corruption attack when extending
a smartlist to contain over 16GB of pointers. Fixes bug #18162;
bugfix on Tor 0.1.1.11-alpha, which fixed a related bug
incompletely. Reported by Guido Vranken.