commit 85b46d57bcc40b8053dafe5d0ebb4b0bb611b484 Author: Nick Mathewson nickm@torproject.org Date: Fri Jan 17 12:04:53 2014 -0500
Check spawn_func() return value
If we don't, we can wind up with a wedged cpuworker, and write to it for ages and ages.
Found by skruffy. This was a bug in 2dda97e8fd898757, a.k.a. svn revision 402. It's been there since we have been using cpuworkers. --- changes/bug4345 | 6 ++++++ src/or/cpuworker.c | 7 ++++++- 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/changes/bug4345 b/changes/bug4345 new file mode 100644 index 0000000..4975eea --- /dev/null +++ b/changes/bug4345 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - Check return code on spawn_func() in cpuworker code, so that we don't + think we've spawned a nonworking cpuworker and write junk to it + forever. Fix for bug 4345; bugfix on all released Tor versions. + Found by "skruffy". + diff --git a/src/or/cpuworker.c b/src/or/cpuworker.c index ecf0d20..2f9f527 100644 --- a/src/or/cpuworker.c +++ b/src/or/cpuworker.c @@ -528,7 +528,12 @@ spawn_cpuworker(void) tor_assert(SOCKET_OK(fdarray[1]));
fd = fdarray[0]; - spawn_func(cpuworker_main, (void*)fdarray); + if (spawn_func(cpuworker_main, (void*)fdarray) < 0) { + tor_close_socket(fdarray[0]); + tor_close_socket(fdarray[1]); + tor_free(fdarray); + return -1; + } log_debug(LD_OR,"just spawned a cpu worker."); #ifndef TOR_IS_MULTITHREADED tor_close_socket(fdarray[1]); /* don't need the worker's side of the pipe */