[tor-bugs] #21161 [Core Tor/Tor]: Invalid free() when a hidden service is configured, to a hostname destination, but we have no network

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Jan 7 10:28:07 UTC 2017


#21161: Invalid free() when a hidden service is configured, to a hostname
destination, but we have no network
------------------------------+--------------------------------
     Reporter:  arma          |      Owner:
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:  Tor: 0.3.0.x-final
    Component:  Core Tor/Tor  |    Version:  Tor: 0.3.0.1-alpha
     Severity:  Normal        |   Keywords:
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+--------------------------------
 Set up your Tor to offer a hidden service, and use a hostname destination,
 like localhost:80, on the HiddenServicePort line.

 Then ifdown eth0 so you have no network.

 Then run {{{valgrind tor --verify-config}}}

 and voila, you get this complaint:
 {{{
 Configuration was valid
 ==31082== Invalid free() / delete / delete[] / realloc()
 ==31082==    at 0x4C29E90: free (in /usr/lib/valgrind/vgpreload_memcheck-
 amd64-linux.so)
 ==31082==    by 0x63A116B: __libc_freeres (in /lib/x86_64-linux-
 gnu/libc-2.19.so)
 ==31082==    by 0x4A236CC: _vgnU_freeres (in /usr/lib/valgrind
 /vgpreload_core-amd64-linux.so)
 ==31082==    by 0x628CAEA: __run_exit_handlers (exit.c:97)
 ==31082==    by 0x628CB74: exit (exit.c:104)
 ==31082==    by 0x6276B4B: (below main) (libc-start.c:321)
 ==31082==  Address 0x65fa2d0 is 0 bytes inside data symbol
 "noai6ai_cached"
 }}}

 If you leave off the --verify-config, you can trigger the same thing, by
 starting, and then after a while ctrl-C'ing your Tor so it exits, at which
 point you get something similar:

 {{{
 ==8895== Invalid free() / delete / delete[] / realloc()
 ==8895==    at 0x4C29E90: free (in /usr/lib/valgrind/vgpreload_memcheck-
 amd64-linux.so)
 ==8895==    by 0x63A116B: __libc_freeres (in /lib/x86_64-linux-
 gnu/libc-2.19.so)
 ==8895==    by 0x4A236CC: _vgnU_freeres (in /usr/lib/valgrind
 /vgpreload_core-amd64-linux.so)
 ==8895==    by 0x628CAEA: __run_exit_handlers (exit.c:97)
 ==8895==    by 0x628CB74: exit (exit.c:104)
 ==8895==    by 0x154686: process_signal (main.c:2601)
 ==8895==    by 0x154686: signal_callback (main.c:2583)
 ==8895==    by 0x5361A14: event_base_loop (in /usr/lib/x86_64-linux-
 gnu/libevent-2.0.so.5.1.9)
 ==8895==    by 0x152B53: run_main_loop_once (main.c:2514)
 ==8895==    by 0x152B53: run_main_loop_until_done (main.c:2568)
 ==8895==    by 0x152B53: do_main_loop (main.c:2481)
 ==8895==    by 0x1562B4: tor_main (main.c:3628)
 ==8895==    by 0x14E408: main (tor_main.c:34)
 ==8895==  Address 0x65fa2d0 is 0 bytes inside data symbol "noai6ai_cached"
 }}}

 It's not clear to me what is going wrong.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21161>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list