[tor-bugs] #19130 [Core Tor/Tor]: Seg fault in round_int64_to_next_multiple_of()

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu May 19 18:49:33 UTC 2016 

#19130: Seg fault in round_int64_to_next_multiple_of()
------------------------------+-----------------
     Reporter:  arma          |      Owner:
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+-----------------
 On moria1, git 249f3a16
 {{{
 #0  0x00007f8412479625 in raise () from /lib64/libc.so.6
 #1  0x00007f841247ae05 in abort () from /lib64/libc.so.6
 #2  0x00007f8413caee1d in __subvdi3 ()
 #3  0x00007f8413c5ddc0 in round_int64_to_next_multiple_of (number=72742,
     divisor=1024) at src/common/util.c:523
 #4  0x00007f8413b7d004 in rep_hist_format_hs_stats (now=1463682482)
     at src/or/rephist.c:3074
 #5  rep_hist_hs_stats_write (now=1463682482) at src/or/rephist.c:3122
 #6  0x00007f8413b4b3f8 in write_stats_file_callback (now=1463682482,
     options=0x7f84146c6880) at src/or/main.c:1761
 #7  0x00007f8413b60ef0 in periodic_event_dispatch (fd=<value optimized
 out>,
     what=<value optimized out>, data=0x7f8413f4b260) at
 src/or/periodic.c:52
 #8  0x00007f841323cb44 in event_base_loop () from
 /usr/lib64/libevent-1.4.so.2
 #9  0x00007f8413b48e2a in run_main_loop_once () at src/or/main.c:2548
 #10 run_main_loop_until_done () at src/or/main.c:2592
 #11 do_main_loop () at src/or/main.c:2520
 #12 0x00007f8413b49ec5 in tor_main (argc=<value optimized out>,
     argv=<value optimized out>) at src/or/main.c:3647
 #13 0x00007f8413b45ec9 in main (argc=<value optimized out>,
     argv=<value optimized out>) at src/or/tor_main.c:30
 (gdb) up
 #1  0x00007f841247ae05 in abort () from /lib64/libc.so.6
 (gdb) up
 #2  0x00007f8413caee1d in __subvdi3 ()
 (gdb) up
 #3  0x00007f8413c5ddc0 in round_int64_to_next_multiple_of (number=72742,
     divisor=1024) at src/common/util.c:523
 523       if (INT64_MAX - divisor + 1 < number)
 }}}

 Looks like it's in the "add noise when reporting the number of onion
 addresses it's seen" area.

 I do have a couple of local patches applied to moria1, but "surely" they
 aren't interacting with this bug.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19130>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list