From: Nick Mathewson <nickm@torproject.org>
Date: Thu, 27 Sep 2018 20:30:02 +0000 (-0400)
Subject: Detect an unlikely integer overflow.
X-Git-Tag: tor-0.3.5.3-alpha~36
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b058f64cc002b44e6dd48616ca3163a01c3f3e14;p=thirdparty%2Ftor.git

Detect an unlikely integer overflow.
---

diff --git a/src/feature/stats/geoip_stats.c b/src/feature/stats/geoip_stats.c
index 3e647bd46c..1a4f8ddfb0 100644
--- a/src/feature/stats/geoip_stats.c
+++ b/src/feature/stats/geoip_stats.c
@@ -265,7 +265,10 @@ geoip_note_client_seen(geoip_client_action_t action,
     int country_idx = geoip_get_country_by_addr(addr);
     if (country_idx < 0)
       country_idx = 0; /** unresolved requests are stored at index 0. */
-    increment_v3_ns_request(country_idx);
+    IF_BUG_ONCE(country_idx > COUNTRY_MAX) {
+      return;
+    }
+    increment_v3_ns_request((country_t) country_idx);
   }
 }
 
diff --git a/src/lib/geoip/country.h b/src/lib/geoip/country.h
index e4ad0752b3..080c156023 100644
--- a/src/lib/geoip/country.h
+++ b/src/lib/geoip/country.h
@@ -11,4 +11,6 @@
 /** A signed integer representing a country code. */
 typedef int16_t country_t;
 
+#define COUNTRY_MAX INT16_MAX
+
 #endif