[tor-bugs] #3390 [Tor Relay]: Tor exit node crashed

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Fri Jun 17 19:41:46 UTC 2011


#3390: Tor exit node crashed
-----------------------+----------------------------------------------------
 Reporter:  whabib     |          Owner:                    
     Type:  defect     |         Status:  new               
 Priority:  major      |      Milestone:  Tor: 0.2.2.x-final
Component:  Tor Relay  |        Version:                    
 Keywords:             |         Parent:                    
   Points:             |   Actualpoints:                    
-----------------------+----------------------------------------------------

Comment(by nickm):

 Hm.  We're talking about overwriting the desc_by_eid_map entry?  I don't
 see how that can cause this bug.  If both ri_new and ri_old have the same
 nonzero extra_info_digest, then:
   * First, we `sdmap_set(rl->desc_by_eid_map,
 ri_new->cache_info.extra_info_digest, &ri_new->cache_info);`
   * Next, if we decide to keep the old routerinfo, we make ri_old into an
 sd, and call `sdmap_set(rl->desc_by_eid_map, sd->extra_info_digest, sd);`.
 That makes the map entry point to sd, which shouldn't cause this
 particular assertion.
   * ...or if we decide NOT to keep the old routerinfo, and the descriptors
 are different, we call `sdmap_remove(rl->desc_by_eid_map,
 ri_old->cache_info.extra_info_digest);`.  This would make there be ''no''
 entry for this particular extrainfo_digest, which also wouldn't cause this
 assertion AFAICT.
   * OTOH, if we decide not to keep the old routerinfo, and the descriptors
 are the same, they necessarily have the same extrainfo_digest, so there
 can't be a dangling pointer in the map.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3390#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
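
The case analysis in the comment above, replayed as an added C model (not Tor's code and not part of the ticket). `struct desc`, the toy map and `replace_outcome` are hypothetical stand-ins for `cache_info`, `rl->desc_by_eid_map` and the replace path; the model assumes the map pointed at ri_old beforehand and that ri_old is freed at the end.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for cache_info; "live" models allocation state
 * (cleared instead of calling free(), so the check is well-defined). */
struct desc { unsigned char eid[4]; int live; };
enum outcome { ENTRY_NONE, ENTRY_NEW, ENTRY_SD, ENTRY_DANGLING };

/* Toy digest-keyed map standing in for rl->desc_by_eid_map. */
#define SLOTS 4
static struct { unsigned char key[4]; struct desc *val; } map[SLOTS];

static int find(const unsigned char *k) {
  for (int i = 0; i < SLOTS; i++)
    if (map[i].val && memcmp(map[i].key, k, 4) == 0) return i;
  return -1;
}
static void map_set(const unsigned char *k, struct desc *v) {
  int i = find(k);                       /* overwrite an existing entry */
  for (int j = 0; i < 0 && j < SLOTS; j++) if (!map[j].val) i = j;
  if (i < 0) return;                     /* full: cannot happen in this model */
  memcpy(map[i].key, k, 4); map[i].val = v;
}
static void map_remove(const unsigned char *k) { int i = find(k); if (i >= 0) map[i].val = NULL; }
static struct desc *map_get(const unsigned char *k) { int i = find(k); return i < 0 ? NULL : map[i].val; }

/* Replays the branches for ri_old and ri_new sharing one nonzero digest and
 * reports what the map entry for that digest refers to afterwards. */
enum outcome replace_outcome(int keep_old, int same_desc) {
  static const unsigned char eid[4] = {0xde, 0xad, 0xbe, 0xef}; /* constructed */
  struct desc ri_old = {{0}, 1}, ri_new = {{0}, 1}, sd = {{0}, 0};
  memset(map, 0, sizeof map);
  memcpy(ri_old.eid, eid, 4); memcpy(ri_new.eid, eid, 4);
  map_set(ri_old.eid, &ri_old);          /* assumed state before the replace */
  map_set(ri_new.eid, &ri_new);          /* first bullet: entry -> ri_new */
  if (keep_old) {
    sd = ri_old;                         /* old routerinfo becomes an sd */
    map_set(sd.eid, &sd);                /* second bullet: entry -> sd */
  } else if (!same_desc) {
    map_remove(ri_old.eid);              /* third bullet: no entry at all */
  }                                      /* fourth bullet: entry stays ri_new */
  ri_old.live = 0;                       /* assumption: ri_old is freed here */
  struct desc *e = map_get(eid);
  if (!e) return ENTRY_NONE;
  if (!e->live) return ENTRY_DANGLING;
  return e == &sd ? ENTRY_SD : ENTRY_NEW;
}
```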

