aboutsummaryrefslogtreecommitdiff
path: root/changes/bug17983
blob: db52a37615fbbc58c5636618218bf37be61dbb4d (plain)
1
2
3
4
5
6
7
8
9
10
11
  o Minor features (bug-finding):
    - Tor now builds with -ftrapv by default on compilers that support it.
      This option detects signed integer overflow, and turns it into a
      hard-failure.  We do not apply this option to code that needs to run
      in constant time to avoid side-channels; instead, we use -fwrapv.
      Closes ticket 17983.
    - When --enable-expensive-hardening is selected, stop applying the clang/gcc
      sanitizers to code that needs to run in constant-time to avoid side
      channels: although we are aware of no introduced side-channels, we
      are not able to prove that this is safe. Related to ticket 17983.