We're calling mallocfn() and reallocfn() in the HT_GENERATE macro
with the result of a product.  But that makes any sane analyzer
worry about overflow.

This patch keeps HT_GENERATE having its old semantics, since we
aren't the only project using ht.h.  Instead, define a HT_GENERATE2
that takes a reallocarrayfn.

Most of these are in somewhat non-obvious code where it is probably
a good idea to initialize variables and add extra assertions anyway.

Closes 13036.  Patches from "teor".

Philip Van Hoof authored Aug 23, 2014 and Nick Mathewson committed Sep 01, 2014

(Edited to use existing ARRAY_LENGTH macro --nickm)

It's now a protocol-warn, since there's nothing relay operators can
do about a client that sends them a malformed create cell.

Resolves bug 12996; bugfix on 0.0.6rc1.

Instead of putting it all in one warning message, log what exactly
was wrong with the circuit.

Resolves ticket 12997.

dana koch authored Aug 27, 2014 and Nick Mathewson committed Aug 29, 2014

This is using the paradigm introduced for test_status.c.

Roger Dingledine authored Aug 27, 2014 and Nick Mathewson committed Aug 28, 2014

The fix for bug 4647 accidentally removed our hack from bug 586 that
rewrote HashedControlPassword to __HashedControlSessionPassword when
it appears on the commandline (which allowed the user to set her own
HashedControlPassword in the torrc file while the controller generates
a fresh session password for each run).

Fixes bug 12948; bugfix on 0.2.5.1-alpha.

This way, we don't get locking failures when we hit an assertion in
the unit tests.  Also, we might find out about unit test bugs from
folks who can't do gdb.

It had been used in consensus method 1.  But now that 13 is the
minimum (see #10163), we don't need it around.

Found by sysrqb.

This is related to the rest of 523587a5

Using the *_array() functions here confused coverity, and was actually
a bit longer than we needed.  Now we just use macros for the repeated
bits, so that we can mention a file and a suffix-appended version in
one line.

Conflicts:
	src/or/circuitlist.c

Specifically, count the age of the data queued in a linked directory
connection's buffers when counting a stream's age.

Another part of 11792.

Part of 11792.

(Uses the zlib-endorsed formula for memory needs for inflate/deflate
from "zconf.h".)

We had some code to fix up the 'status' return value to -1 on error
if it wasn't set, but it was unreachable because our code was
correct.  Tweak this by initializing status to -1, and then only
setting it to 0 on success.  Also add a goto which was missing: its
absence was harmless.

[CID 718614, 718616]

[CID 1205014]

This allows coverity to infer that we aren't leaking them.

[Fixes a lot of CIDs]

Found by coverity, which noticed that if you said
  tor-gencert -i identity1 -i identity2
we would leak "identity1".

[CID 1198201, 1198202, 1198203]

Also explain why we aren't checking its return value.

[CID 1198197]

Also, make it clearer that chunks cannot be NULL

[CID 1031750, 1031751]

The unsigned underflow here is defined and intentional.

CID 202482

This was freaking out coverity.

[CID 743379]

The unsigned underflow here is defined and intentional.

CID 202482

[CID 718609]

(We allowed it previously, but produced an LD_BUG message when it
happened, which is not consistent

Also, remove inconsistent NULL checks before calling
rend_service_intro_free.

(Removing the check is for CID 718613)