[tor-bugs] #15901 [Tor]: apparent memory corruption -- very difficult to isolate
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Aug 24 11:52:25 UTC 2015
#15901: apparent memory corruption -- very difficult to isolate
---------------------------+--------------------------------
Reporter: starlight | Owner:
Type: defect | Status: new
Priority: critical | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version: Tor: 0.2.6.10
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
---------------------------+--------------------------------
Comment (by someone_else):
Actually looking at the source code, it doesn't look like random memory
corruption or a threading issue. The consensus document signatures are
checked as soon as the new document is downloaded:
src/or/directory.c::connection_dir_client_reached_eof(dir_connection_t
*conn)
{{{
...
// networkstatus_set_current_consensus performs signature check
if ((r=networkstatus_set_current_consensus(body, flavname, 0))<0) {
...
}}}
Looking at your log files, you are downloading the consensus from multiple
different directories and it gets corrupted the same way each time. In
your 'event04_messages.txt' the same descriptor is corrupted. This points
to a potential gzip or zlib decoding issue (maybe the decompression code
is getting miscompiled).
The best chance of tracking this down is probably to instrument the
function mentioned above and save both the compressed and uncompressed
versions of the consensus to disk.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15901#comment:25>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list