[tor-bugs] #22924 [Core Tor/Tor]: signed integer overflow in unit tests crashes hardened build on 32-bit trusty

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jul 14 17:54:34 UTC 2017 

#22924: signed integer overflow in unit tests crashes hardened build on 32-bit
trusty
------------------------------+--------------------------------
     Reporter:  nickm         |      Owner:  nickm
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:  Tor: 0.3.2.x-final
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+--------------------------------
 If I build on gcc with --enable-fragile-hardening on ubuntu trusty, I get
 a crash in dir/download_status_random_backoff :

 {{{
 #0  0xf7fd9d70 in __kernel_vsyscall ()
 #1  0xf6599827 in raise () from /lib/i386-linux-gnu/libc.so.6
 #2  0xf659cc53 in abort () from /lib/i386-linux-gnu/libc.so.6
 #3  0x56e5e16c in __addvsi3 ()
 #4  0x5679e366 in download_status_random_backoff_helper (
     min_delay=min_delay at entry=0, max_delay=max_delay at entry=2147483647)
     at src/test/test_dir.c:4167
 #5  0x5679e699 in test_dir_download_status_random_backoff (arg=0x0)
     at src/test/test_dir.c:4196
 #6  0x56a519dc in testcase_run_bare_ (
     testcase=testcase at entry=0x5724e0c0 <dir_tests+640>)
     at src/ext/tinytest.c:106
 #7  0x56a51de1 in testcase_run_one (group=<optimized out>,
     group at entry=0x572346b0 <testgroups+208>, testcase=<optimized out>,
     testcase at entry=0x5724e0c0 <dir_tests+640>) at src/ext/tinytest.c:253
 #8  0x56a532c4 in tinytest_main (c=2, v=0xffffd764,
     groups=0x572345e0 <testgroups>) at src/ext/tinytest.c:435
 #9  0x5661eede in main (c=2, v=<optimized out>)
     at src/test/testing_common.c:319

 }}}

 I think this has something to do with our fixes for #17750 or #20534, but
 I'm not certain.

 I have a patch that fixes this issue for me.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22924>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list