commit 469f47ef8dc8b18104108f0437c860ec88fca6ad Author: Nick Mathewson nickm@torproject.org Date: Wed Nov 21 07:38:38 2018 -0500
Fix a fun heisenbug in memoize_protover_flags()
After we clear the protover map for getting full, we need to re-create it, since we are about to use it.
This is a bugfix for bug 28558. It is a bugfix for the code from ticket 27225, which is not in any released Tor. Found by Google OSS-Fuzz, as issue 11475. --- src/core/or/versions.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/src/core/or/versions.c b/src/core/or/versions.c index 6f8eea7a6..5d4effcaf 100644 --- a/src/core/or/versions.c +++ b/src/core/or/versions.c @@ -399,6 +399,7 @@ memoize_protover_summary(protover_summary_flags_t *out,
if (strmap_size(protover_summary_map) >= MAX_PROTOVER_SUMMARY_MAP_LEN) { protover_summary_cache_free_all(); + protover_summary_map = strmap_new(); }
const protover_summary_flags_t *cached =