[tor-bugs] #22231 [Core Tor/Tor]: prevent recurrence of CID 1397192
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu May 11 16:47:08 UTC 2017
#22231: prevent recurrence of CID 1397192
------------------------------+------------------------------
Reporter: catalyst | Owner: catalyst
Type: defect | Status: new
Priority: Medium | Milestone: Tor: unspecified
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+------------------------------
Coverity found a possible double free in CID 1397192, which dgoulet
dismissed as a False Positive. I think I found the logic by which
Coverity considered a double free possible. The `done` block in
`test_intro_point_registration()` has some calls to `tt_assert()` that can
jump backwards if the assertion fails, causing a double free in that
unlikely event.

The block that tests `hs_circuitmap_free_all()` should probably be in a
helper function with its own `done` label that doesn't lead to a double
free if the assertion fails.

For reasons I don't understand, it looks like the renames in
6bacc3c7a88509043613d3bc29534c0ecf8803b1 caused Coverity to no longer see
this potential double free, even though it looks like it changed nothing
relevant.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22231>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
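
The control flow the ticket describes, as an added example that is not part of the original message and is not Tor's code: an assertion macro that does `goto done` placed below the `done` label re-enters the cleanup, while the same check in a helper with its own label does not. Every name here is constructed; `circ_free()` counts calls instead of releasing memory so the second free is observable without undefined behaviour, and the teardown check is made to fail once by fault injection.

```c
#include <stdio.h>

/* Constructed stand-ins: none of these names come from Tor's tree. */
struct circ { int frees; };          /* counts frees instead of calling free() */
static int failures;                 /* failed assertions recorded by the macro */
static int teardown_calls, inject_fault;

static void circ_free(struct circ *c) { c->frees++; }

/* Simulated teardown check: fails exactly once when a fault is injected. */
static int map_teardown_ok(void) { return !(inject_fault && teardown_calls++ == 0); }

/* Same shape as a goto-based test assertion: on failure, jump to the local `done`. */
#define TT_ASSERT(cond) do { if (!(cond)) { failures++; goto done; } } while (0)

static void reset(int fault) { failures = 0; teardown_calls = 0; inject_fault = fault; }

/* Before: the assertion sits inside the cleanup block, below its own label. */
int frees_with_assert_in_done(int fault) {
  struct circ c = {0};
  reset(fault);
  TT_ASSERT(c.frees == 0);           /* ordinary test body */
 done:
  circ_free(&c);
  TT_ASSERT(map_teardown_ok());      /* on failure: backwards jump, cleanup runs again */
  return c.frees;
}

/* After: the check lives in a helper whose `done` label has nothing to free. */
static int check_teardown(void) {
  int ok = 0;
  TT_ASSERT(map_teardown_ok());
  ok = 1;
 done:
  return ok;
}

int frees_with_helper(int fault) {
  struct circ c = {0};
  reset(fault);
  TT_ASSERT(c.frees == 0);
 done:
  circ_free(&c);
  (void)check_teardown();            /* failure is recorded, cleanup is not re-entered */
  return c.frees;
}

int main(void) {
  printf("assert in done, fault: %d frees\n", frees_with_assert_in_done(1));
  printf("helper, fault:         %d frees\n", frees_with_helper(1));
  return 0;
}
```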