[tor-bugs] #15901 [Tor]: apparent memory corruption -- very difficult to isolate

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Aug 24 17:24:39 UTC 2015 

#15901: apparent memory corruption -- very difficult to isolate
---------------------------+--------------------------------
     Reporter:  starlight  |      Owner:
         Type:  defect     |     Status:  new
     Priority:  critical   |  Milestone:  Tor: 0.2.7.x-final
    Component:  Tor        |    Version:  Tor: 0.2.6.10
   Resolution:             |   Keywords:
Actual Points:             |  Parent ID:
       Points:             |
---------------------------+--------------------------------

Comment (by starlight):

 Ran `infgen` on a couple of different zlib compressed
 copies of the specific consensus document, including
 one that was downloaded from another relay at the time
 of the event.  Does not look like corruption
 of zlib inflate is the specific problem here since the
 corruption occurs in the middle of a string that
 zlib consistently determines as too unique to place
 in the dictionary.

 {{{
 literal 'pidsFRonline3 rGb/pKs1pZ
 match 3 141
 literal 'b9McACL8k2Kelw ZJ4/u/tLCi38okB0elroXaGaKgM
 match 16 20174
 match 5 7141
 match 4 13902
 match 5 17841
 literal '6
 match 4 773
 literal '3
 match 66 1208
 match 16 1417
 literal '52
 match 22 969
 literal 'FBIPartyTrain rHDXjAZho0VTaXtMkOjCyGF1QW0
 vtGOeTZ3wDFo4Dx70WWeGMlO4gs
 match 16 32244
 match 4 5143
 match 5 12599
 match 4 17643
 literal '39.
 match 8 28994
 literal '2
 match 3 704
 literal '5
 match 40 3307
 match 39 3109
 match 7 979
 match 4 18037
 match 3 98
 literal 'rHF6AbjjwA52F+9lEXpOmcAtx6A db5OxPMAy53jJf3zHgkQg20Z1HI
 }}}

 {{{
 literal 'w VoQVaXe4yfxn8QllcFhdf4PEwk
 match 16 3972
 match 4 27288
 literal '9
 match 6 17937
 literal '5
 match 5 28863
 match 5 15883
 match 52 19906
 literal '5
 match 18 5579
 match 22 11060
 literal 'ughmudd
 match 4 3136
 literal 'nTUAd5Dh4212x1HlRV3jVzTBgU Ib9ENWJVQ6+5OJlyxe5b/VFLeq
 match 16 24397
 match 4 24963
 literal '6
 match 5 1521
 match 4 11060
 match 3 529
 literal '0
 match 78 18130
 literal '4
 match 22 17938
 literal 'Fore
 match 5 21104
 literal 'rn/S9LXVEwN8E2fnISY3ZhP
 match 3 573
 literal 'c UMz8kgLbX3E3KvsXCHxDztT6jN0
 }}}

 also

 {{{
 literal 'nQPPi1x9yiWdOI62lr1V5J
 match 3 3394
 literal 'w VoQVaXe4yfxn8QllcFhdf4PEwk
 match 16 3972
 match 4 27288
 literal '9
 match 6 17937
 literal '5
 match 5 28863
 match 5 15883
 match 52 19906
 match 17 8266
 match 22 5578
 literal 'Toughmudd
 match 4 3136
 literal 'nTUAd5Dh4212x1HlRV3jVzTBgU Ib9ENWJVQ6+5OJlyxe5b/VFLeq
 match 16 24397
 match 4 24963
 literal '6
 match 5 1521
 match 4 11060
 match 3 529
 match 62 28438
 match 18 11082
 match 22 17938
 literal 'Fore
 match 5 21104
 literal 'rn/S9LXVEwN8E2fnISY3ZhP
 match 3 573
 literal 'c UMz8kgLbX3E3KvsXCHxDztT6jN0
 }}}

 The corruption does not correspond with
 any of it.  As I suspected, the SHA1
 digests are random enough (one would hope!)
 to be, for the most part, entirely unique.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15901#comment:29>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list