From: Nick Mathewson Date: Tue, 1 Sep 2015 13:43:37 +0000 (-0400) Subject: Add a comment about CID 1311630 and why we won't worry about it. X-Git-Tag: tor-0.2.7.3-rc~76 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=53c99cce5ecf1d9df9245fc91f7c11ee73295293;p=thirdparty%2Ftor.git Add a comment about CID 1311630 and why we won't worry about it. --- diff --git a/src/ext/ed25519/donna/modm-donna-64bit.h b/src/ext/ed25519/donna/modm-donna-64bit.h index b22df2be75..012ea9ea08 100644 --- a/src/ext/ed25519/donna/modm-donna-64bit.h +++ b/src/ext/ed25519/donna/modm-donna-64bit.h @@ -261,6 +261,10 @@ contract256_slidingwindow_modm(signed char r[256], const bignum256modm s, int wi continue; for (b = 1; (b < (soplen - j)) && (b <= 6); b++) { + /* XXX Tor: coverity scan says that r[j+b] can + * overflow, but that's not possible: b < (soplen-j) + * guarantees that b + j < soplen, so b+j < 256, + * so the index doesn't overflow. */ if ((r[j] + (r[j + b] << b)) <= m) { r[j] += r[j + b] << b; r[j + b] = 0;
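Review bot: In the comment added inside the `for (b = 1; ...)` loop, the step from `b + j < soplen` to `b+j < 256` depends on `soplen <= 256`, which none of the visible lines establish; only the `signed char r[256]` parameter in the hunk header shows the array size. Suggest stating in the comment where `soplen` gets its bound, or adding an assertion that `soplen <= 256` ahead of the loop so the invariant is checked at runtime and is visible to the scanner. The comment could also name CID 1311630 directly, since that identifier currently appears only in the commit message and will not be found by someone reading the header file.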