From cdbf756b90b05fcf8211d6fea302652923af4171 Mon Sep 17 00:00:00 2001 From: David Goulet Date: Tue, 5 Oct 2021 13:47:49 -0400 Subject: cc: Fix 32bit arithmetic to actually be 64bit Coverity report: CID 1492322 ________________________________________________________________________________________________________ *** CID 1492322: Integer handling issues (OVERFLOW_BEFORE_WIDEN) /src/core/or/congestion_control_flow.c: 399 in circuit_process_stream_xon() 393 } 394 395 log_info(LD_EDGE, "Got XON: %d", xon->kbps_ewma); 396 397 /* Adjust the token bucket of this edge connection with the drain rate in 398 * the XON. Rate is in bytes from kilobit (kpbs). */ >>> CID 1492322: Integer handling issues (OVERFLOW_BEFORE_WIDEN) >>> Potentially overflowing expression "xon_cell_get_kbps_ewma(xon) * 1000U" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned). 399 uint64_t rate = xon_cell_get_kbps_ewma(xon) * 1000; 400 if (rate == 0 || INT32_MAX < rate) { 401 /* No rate. */ 402 rate = INT32_MAX; 403 } 404 token_bucket_rw_adjust(&conn->bucket, (uint32_t) rate, (uint32_t) rate); Fixes #40478 Signed-off-by: David Goulet --- src/core/or/congestion_control_flow.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/core') diff --git a/src/core/or/congestion_control_flow.c b/src/core/or/congestion_control_flow.c index 0c2baa96e2..9e0cd670c7 100644 --- a/src/core/or/congestion_control_flow.c +++ b/src/core/or/congestion_control_flow.c @@ -396,7 +396,7 @@ circuit_process_stream_xon(edge_connection_t *conn, /* Adjust the token bucket of this edge connection with the drain rate in * the XON. Rate is in bytes from kilobit (kpbs). */ - uint64_t rate = xon_cell_get_kbps_ewma(xon) * 1000; + uint64_t rate = ((uint64_t) xon_cell_get_kbps_ewma(xon) * 1000); if (rate == 0 || INT32_MAX < rate) { /* No rate. */ rate = INT32_MAX; -- cgit v1.2.3-54-g00ecf