[tor-bugs] #14803 [Tor]: Tor segfault with hidden service SETCONF

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Feb 9 03:31:18 UTC 2015 

#14803: Tor segfault with hidden service SETCONF
--------------------------+-----------------
     Reporter:  atagar    |      Owner:
         Type:  defect    |     Status:  new
     Priority:  critical  |  Milestone:
    Component:  Tor       |    Version:
   Resolution:            |   Keywords:
Actual Points:            |  Parent ID:
       Points:            |
--------------------------+-----------------

Comment (by arma):

 Mine doesn't seg fault, but valgrind picks up on something:
 {{{
 ==13438== Invalid write of size 1
 ==13438==    at 0x168973: rend_config_services (rendservice.c:407)
 ==13438==    by 0x1CBFAE: options_validate (config.c:3548)
 ==13438==    by 0x1D01B4: options_trial_assign (config.c:2047)
 ==13438==    by 0x1EB8FD: control_setconf_helper (control.c:739)
 ==13438==    by 0x1EFD04: connection_control_process_inbuf (control.c:786)
 ==13438==    by 0x1D9A84: connection_handle_read (connection.c:3339)
 ==13438==    by 0x1411B0: conn_read_callback (main.c:777)
 ==13438==    by 0x52D9253: event_base_loop (in /usr/lib/x86_64-linux-
 gnu/libevent-2.0.so.5.1.7)
 ==13438==    by 0x141AFC: do_main_loop (main.c:2117)
 ==13438==    by 0x144AAC: tor_main (main.c:3096)
 ==13438==    by 0x5F92EAC: (below main) (libc-start.c:244)
 ==13438==  Address 0x8ef96dc is 0 bytes after a block of size 28 alloc'd
 ==13438==    at 0x4C28BED: malloc (in /usr/lib/valgrind
 /vgpreload_memcheck-amd64-linux.so)
 ==13438==    by 0x230C97: tor_malloc_ (util.c:167)
 ==13438==    by 0x230D35: tor_malloc_zero_ (util.c:193)
 ==13438==    by 0x168BA0: rend_config_services (rendservice.c:317)
 ==13438==    by 0x1CBFAE: options_validate (config.c:3548)
 ==13438==    by 0x1D01B4: options_trial_assign (config.c:2047)
 ==13438==    by 0x1EB8FD: control_setconf_helper (control.c:739)
 ==13438==    by 0x1EFD04: connection_control_process_inbuf (control.c:786)
 ==13438==    by 0x1D9A84: connection_handle_read (connection.c:3339)
 ==13438==    by 0x1411B0: conn_read_callback (main.c:777)
 ==13438==    by 0x52D9253: event_base_loop (in /usr/lib/x86_64-linux-
 gnu/libevent-2.0.so.5.1.7)
 ==13438==    by 0x141AFC: do_main_loop (main.c:2117)
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14803#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list