[tor-bugs] #14803 [Tor]: Tor segfault with hidden service SETCONF
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 9 03:36:08 UTC 2015
#14803: Tor segfault with hidden service SETCONF
--------------------------+-----------------
Reporter: atagar | Owner:
Type: defect | Status: new
Priority: critical | Milestone:
Component: Tor | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
--------------------------+-----------------
Comment (by arma):
Replying to [comment:2 arma]:
> ==13438== Invalid write of size 1
> ==13438== at 0x168973: rend_config_services (rendservice.c:407)
That line is
{{{
result->unix_addr[0] = '\0';
}}}
And unix_addr is
{{{
char unix_addr[FLEXIBLE_ARRAY_MEMBER];
}}}
What, you might ask, is FLEXIBLE_ARRAY_MEMBER?
I don't know either, but my orconfig.h says it is
{{{
/* Define to nothing if C supports flexible array members, and to 1 if it does
   not. That way, with a declaration like `struct s { int n; double
   d[FLEXIBLE_ARRAY_MEMBER]; };', the struct hack can be used with pre-C99
   compilers. When computing the size of such an object, don't use 'sizeof
   (struct s)' as it overestimates the size. Use 'offsetof (struct s, d)'
   instead. Don't use 'offsetof (struct s, d[0])', as this doesn't work with
   MSVC and with C++ compilers. */
#define FLEXIBLE_ARRAY_MEMBER /**/
}}}
So it is nothing at all.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14803#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
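
An added illustration of the orconfig.h comment quoted in the message above (not code from the ticket or from Tor): a struct ending in a flexible array member reserves no storage for the array, so a block sized to the header alone leaves even element 0 out of bounds. `struct port_config`, its fields and the helper names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical struct for illustration; not Tor's own definition. */
struct port_config {
    unsigned short virtual_port;
    unsigned short real_port;
    char unix_addr[];   /* flexible array member: contributes no storage */
};

/* Allocation size for a config whose unix_addr holds path_len characters
 * plus the NUL terminator. offsetof() covers the fixed header only. */
size_t port_config_size(size_t path_len)
{
    return offsetof(struct port_config, unix_addr) + path_len + 1;
}

/* How many bytes of unix_addr are in bounds for an alloc_size-byte block. */
size_t unix_addr_capacity(size_t alloc_size)
{
    size_t hdr = offsetof(struct port_config, unix_addr);
    return alloc_size > hdr ? alloc_size - hdr : 0;
}

/* path may be NULL (no socket path); one byte is still reserved so that
 * writing unix_addr[0] = '\0' stays inside the allocation. */
struct port_config *port_config_new(unsigned short vport,
                                    unsigned short rport, const char *path)
{
    size_t len = path ? strlen(path) : 0;
    struct port_config *cfg = calloc(1, port_config_size(len));
    if (cfg == NULL) return NULL;
    cfg->virtual_port = vport;
    cfg->real_port = rport;
    if (len)
        memcpy(cfg->unix_addr, path, len);
    cfg->unix_addr[len] = '\0';
    return cfg;
}

int main(void)
{
    printf("header-only allocation: %zu in-bounds byte(s)\n",
           unix_addr_capacity(offsetof(struct port_config, unix_addr)));
    return 0;
}
```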