[tor-bugs] #15901 [Tor]: apparent memory corruption -- very difficult to isolate

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Aug 24 16:27:18 UTC 2015


#15901: apparent memory corruption -- very difficult to isolate
---------------------------+--------------------------------
     Reporter:  starlight  |      Owner:
         Type:  defect     |     Status:  new
     Priority:  critical   |  Milestone:  Tor: 0.2.7.x-final
    Component:  Tor        |    Version:  Tor: 0.2.6.10
   Resolution:             |   Keywords:
Actual Points:             |  Parent ID:
       Points:             |
---------------------------+--------------------------------

Comment (by starlight):

 A counter-argument exists to the idea that
 zlib INFLATE is the cause.  The corruption
 is exactly eight bytes and is 64-bit aligned
 in memory.  I'm going back and looking at
 all the core files to see if this pattern
 is the same.

 INFLATE works with arbitrary length dictionary
 strings and the probability that the bad
 one is eight bytes on an eight-byte memory
 boundary is not especially high.  Edge
 of the string is in the middle of a 160-bit
 SHA1 hash and one would expect uniqueness
 to extend further.  I'll also try running
 a debug zlib deflate/inflate of this
 consensus document to see what the dictionary
 and token stream look like.

 If the other cores look the same and zlib
 compression boundaries don't match the corruption,
 I'm back at "semi-random memory pointer corruption"
 and will proceed with write-protecting the
 consensus document, making sure to do it
 incrementally as it is uncompressed.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15901#comment:27>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
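The two checks in the plan above, as an added example (not code from the ticket or from Tor): classifying a corrupted span by length and alignment, and locking inflated output read-only with POSIX mprotect so a stray write faults at the writer. It assumes page-aligned storage for the inflated data; the buffers are constructed sample data.

```c
/* Added example (not from the ticket or Tor): the plan's two checks on constructed data. */
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
/* Returns 1 and sets *off/*len when every byte differing between a good and
 * a corrupted copy lies in one contiguous run; 0 if identical or scattered. */
int find_corruption(const uint8_t *good, const uint8_t *bad, size_t n,
                    size_t *off, size_t *len)
{
    size_t first = n, last = 0, i;
    for (i = 0; i < n; i++)
        if (good[i] != bad[i]) { if (first == n) first = i; last = i; }
    if (first == n) return 0;
    for (i = first; i <= last; i++)      /* untouched byte inside the run? */
        if (good[i] == bad[i]) return 0;
    *off = first; *len = last - first + 1;
    return 1;
}
/* The comment's signature: eight bytes on an eight-byte boundary, judged on the real address. */
int is_aligned_word_write(const uint8_t *base, size_t off, size_t len)
{
    return len == 8 && (((uintptr_t)base + off) & 7) == 0;
}
/* Lock the page-aligned region [p, p+n) read-only once a chunk is inflated
 * (readonly=0 unlocks); a stray write then faults at the writer, not later. */
int set_protection(void *p, size_t n, int readonly)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE), span = (n + page - 1) / page * page;
    return mprotect(p, span, readonly ? PROT_READ : PROT_READ | PROT_WRITE);
}
/* Sample run: a page of 'A' stands in for inflated output and gets locked; a copy has
 * one aligned 8-byte word zeroed, as a stray pointer-sized store would leave it. */
int sample_run(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE), off, len;
    uint8_t *good, *bad;
    if (posix_memalign((void **)&good, page, page) != 0) return 0;
    if (!(bad = malloc(page))) { free(good); return 0; }
    memset(good, 'A', page);
    memcpy(bad, good, page);
    memset(bad + 16, 0, 8);
    int ok = set_protection(good, page, 1) == 0
          && find_corruption(good, bad, page, &off, &len)
          && is_aligned_word_write(good, off, len) && set_protection(good, page, 0) == 0;
    free(good); free(bad);
    return ok;
}
```

In the incremental variant the comment describes, set_protection would be called after each inflate() chunk is appended to page-aligned storage, so only the page still being filled stays writable.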

