Detect an unlikely integer overflow.

torproject · Sep 27, 2018 · b058f64 · b058f64
1 parent 9e65e7a
commit b058f64
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/src/feature/stats/geoip_stats.c b/src/feature/stats/geoip_stats.c
@@ -265,7 +265,10 @@ geoip_note_client_seen(geoip_client_action_t action,
     int country_idx = geoip_get_country_by_addr(addr);
     if (country_idx < 0)
       country_idx = 0; /** unresolved requests are stored at index 0. */
-    increment_v3_ns_request(country_idx);
+    IF_BUG_ONCE(country_idx > COUNTRY_MAX) {
+      return;
+    }
+    increment_v3_ns_request((country_t) country_idx);
   }
 }
 

diff --git a/src/lib/geoip/country.h b/src/lib/geoip/country.h
@@ -11,4 +11,6 @@
 /** A signed integer representing a country code. */
 typedef int16_t country_t;
 
+#define COUNTRY_MAX INT16_MAX
+
 #endif