[tor-bugs] #11519 [Tor]: uninitialized timeval causing valgrind errors

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Apr 14 23:22:00 UTC 2014


#11519: uninitialized timeval causing valgrind errors
------------------------+------------------------------------
 Reporter:  robgjansen  |          Owner:
     Type:  defect      |         Status:  new
 Priority:  normal      |      Milestone:
Component:  Tor         |        Version:  Tor: 0.2.5.3-alpha
 Keywords:              |  Actual Points:
Parent ID:              |         Points:
------------------------+------------------------------------
 I noticed some valgrind errors while debugging Tor 0.2.5.2-alpha in
 Shadow. The problem still exists in Tor master as of today.

 In circuituse.c, line 1518, the {{{struct timeval old_timestamp_began;}}}
 is declared, but never initialized before being used on line 1556:

 {{{
 control_event_circuit_cannibalized(circ, old_purpose,
                                          &old_timestamp_began);
 }}}

 Should {{{old_timestamp_began}}} have been set to
 {{{circ->base_.timestamp_began}}} before updating
 {{{circ->base_.timestamp_began}}} in line 1553?

 Some valgrind backtraces:

 {{{
 ==28186== Conditional jump or move depends on uninitialised value(s)
 ==28186==    at 0x3F2EC48DF9: vfprintf (vfprintf.c:1635)
 ==28186==    by 0x3F2EC74CB2: vasprintf (vasprintf.c:62)
 ==28186==    by 0x5FDEBEF: tor_vasprintf (compat.c:435)
 ==28186==    by 0x5EAC662: send_control_event_impl (control.c:615)
 ==28186==    by 0x5EA71C5: send_control_event (control.c:635)
 ==28186==    by 0x5EA75BF: control_event_circuit_status_minor (control.c:3586)
 ==28186==    by 0x5EA7649: control_event_circuit_cannibalized (control.c:3621)
 ==28186==    by 0x5F7A748: circuit_launch_by_extend_info (circuituse.c:1555)
 ==28186==    by 0x5F7CACA: circuit_get_open_circ_or_launch (circuituse.c:1844)
 ==28186==    by 0x5F7B725: connection_ap_handshake_attach_circuit (circuituse.c:2149)
 ==28186==    by 0x5F9C34E: connection_ap_make_link (connection_edge.c:2025)
 ==28186==    by 0x5EF2EF8: directory_initiate_command_rend (directory.c:1029)
 ==28186==  Uninitialised value was created by a stack allocation
 ==28186==    at 0x5E82580: ??? (in /tmp/I2JBEX-libshadow-plugin-scallion.so)
 }}}

 {{{
 ==28186== Conditional jump or move depends on uninitialised value(s)
 ==28186==    at 0x3F2ECB4DB1: __strftime_internal (strftime_l.c:993)
 ==28186==    by 0x3F2ECB6622: strftime_l (strftime_l.c:481)
 ==28186==    by 0x5FEAA47: format_iso_time (util.c:1500)
 ==28186==    by 0x5FEAA7C: format_iso_time_nospace (util.c:1508)
 ==28186==    by 0x5FEAAF9: format_iso_time_nospace_usec (util.c:1519)
 ==28186==    by 0x5EA7417: control_event_circuit_status_minor (control.c:3566)
 ==28186==    by 0x5EA7649: control_event_circuit_cannibalized (control.c:3621)
 ==28186==    by 0x5F7A748: circuit_launch_by_extend_info (circuituse.c:1555)
 ==28186==    by 0x5F7CACA: circuit_get_open_circ_or_launch (circuituse.c:1844)
 ==28186==    by 0x5F7B725: connection_ap_handshake_attach_circuit (circuituse.c:2149)
 ==28186==    by 0x5F9C34E: connection_ap_make_link (connection_edge.c:2025)
 ==28186==    by 0x5EF2EF8: directory_initiate_command_rend (directory.c:1029)
 ==28186==  Uninitialised value was created by a stack allocation
 ==28186==    at 0x5E82580: ??? (in /tmp/I2JBEX-libshadow-plugin-scallion.so)
 }}}

 {{{
 ==28186== Conditional jump or move depends on uninitialised value(s)
 ==28186==    at 0x5FE2296: correct_tm (compat.c:2559)
 ==28186==    by 0x5FE2516: tor_gmtime_r (compat.c:2673)
 ==28186==    by 0x5FEAA2A: format_iso_time (util.c:1500)
 ==28186==    by 0x5FEAA7C: format_iso_time_nospace (util.c:1508)
 ==28186==    by 0x5FEAAF9: format_iso_time_nospace_usec (util.c:1519)
 ==28186==    by 0x5EA7417: control_event_circuit_status_minor (control.c:3566)
 ==28186==    by 0x5EA7649: control_event_circuit_cannibalized (control.c:3621)
 ==28186==    by 0x5F7A748: circuit_launch_by_extend_info (circuituse.c:1555)
 ==28186==    by 0x5F7CACA: circuit_get_open_circ_or_launch (circuituse.c:1844)
 ==28186==    by 0x5F7B725: connection_ap_handshake_attach_circuit (circuituse.c:2149)
 ==28186==    by 0x5F9C34E: connection_ap_make_link (connection_edge.c:2025)
 ==28186==    by 0x5EF2EF8: directory_initiate_command_rend (directory.c:1029)
 ==28186==  Uninitialised value was created by a stack allocation
 ==28186==    at 0x5E82580: ??? (in /tmp/I2JBEX-libshadow-plugin-scallion.so)
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11519>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
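The fix the reporter suggests, shown as an added example that is not Tor's code and not part of the ticket: a minimal stand-in for the circuit struct (hypothetical `struct circ`, `struct cannibalized_event` and the `circuit_cannibalize_fixed` function are all assumed names) where the old `timestamp_began` is copied out before the field is overwritten, so the value handed to the control-port event is never an uninitialised stack variable.

```c
/* Added example (not Tor source): models the cannibalization path from the
 * ticket with a hypothetical minimal circuit struct. */
#include <string.h>
#include <sys/time.h>

/* Hypothetical stand-in for the circuit_t fields the ticket talks about. */
struct circ {
  int purpose;
  struct timeval timestamp_began;
};

/* What the CIRC_MINOR CANNIBALIZED event would report. */
struct cannibalized_event {
  int old_purpose;
  struct timeval old_timestamp_began;
};

/* Fixed path: save the old timestamp *before* the field is reset. Without
 * the marked line, old_timestamp_began is a stack variable that is passed
 * to the event without ever being written, which is exactly what valgrind
 * flagged in vfprintf/strftime/correct_tm. */
void circuit_cannibalize_fixed(struct circ *c, int new_purpose,
                               struct timeval now,
                               struct cannibalized_event *ev)
{
  int old_purpose = c->purpose;
  struct timeval old_timestamp_began = c->timestamp_began; /* the missing line */

  c->purpose = new_purpose;
  c->timestamp_began = now;

  ev->old_purpose = old_purpose;
  ev->old_timestamp_began = old_timestamp_began;
}

/* Self-check on constructed values: returns 1 if the event carried the
 * timestamp the circuit had before cannibalization and the circuit itself
 * now carries the new one. */
int check_fixed_path(void)
{
  struct circ c = { 1, { 1000, 500 } };      /* constructed sample circuit */
  struct timeval now = { 2000, 0 };          /* constructed "now" */
  struct cannibalized_event ev;
  memset(&ev, 0, sizeof(ev));
  circuit_cannibalize_fixed(&c, 2, now, &ev);
  return ev.old_purpose == 1 &&
         ev.old_timestamp_began.tv_sec == 1000 &&
         ev.old_timestamp_began.tv_usec == 500 &&
         c.timestamp_began.tv_sec == 2000 && c.purpose == 2;
}
```

Running the real code under valgrind (as the reporter did) or building with `-Wall -O2` is how a missing copy like this is caught; the example only makes the data flow explicit.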
