[tor-bugs] #26269 [Core Tor/Tor]: new compiler warning src/or/router.c:2034:36: warning: potential null pointer dereference
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jun 3 07:13:06 UTC 2018
#26269: new compiler warning src/or/router.c:2034:36: warning: potential null
pointer dereference
--------------------------+------------------------------------
Reporter: toralf | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.3.4.x-final
Component: Core Tor/Tor | Version: Tor: 0.3.4.1-alpha
Severity: Normal | Resolution:
Keywords: 034-must | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------------
Comment (by sysrqb):
Replying to [ticket:26269 toralf]:
> {{{
> CC src/or/rephist.o
> CC src/or/router.o
> src/or/router.c: In function ‘router_my_exit_policy_is_reject_star’:
> src/or/router.c:2034:36: warning: potential null pointer dereference
[-Wnull-dereference]
> return router_get_my_routerinfo()->policy_is_reject_star;
> ~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~
> src/or/router.c:2034:36: warning: potential null pointer dereference
[-Wnull-dereference]
> src/or/router.c:2034:36: warning: potential null pointer dereference
[-Wnull-dereference]
> src/or/router.c: In function ‘check_descriptor_bandwidth_changed’:
> src/or/router.c:2636:36: warning: potential null pointer dereference
[-Wnull-dereference]
> prev = router_get_my_routerinfo()->bandwidthcapacity;
> ~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~
> src/or/router.c:2636:36: warning: potential null pointer dereference
[-Wnull-dereference]
> src/or/router.c:2636:36: warning: potential null pointer dereference
[-Wnull-dereference]
> src/or/router.c: In function ‘check_descriptor_ipaddress_changed’:
> src/or/router.c:2696:8: warning: potential null pointer dereference
[-Wnull-dereference]
> prev = router_get_my_routerinfo()->addr;
> ~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> src/or/router.c:2696:8: warning: potential null pointer dereference
[-Wnull-dereference]
> src/or/router.c:2696:8: warning: potential null pointer dereference
[-Wnull-dereference]
These are actually (most likely) okay because there are null-checks
preceding each dereference.
> CC src/or/routerlist.o
> CC src/or/dirauth/shared_random.o
> }}}
> and
> {{{
> CC src/test/src_test_test-test_dos.o
> CC src/test/src_test_test-test_entrynodes.o
> src/test/test_entrynodes.c: In function
‘test_entry_guard_update_from_consensus_repair’:
> src/test/test_entrynodes.c:1254:26: warning: potential null pointer
dereference [-Wnull-dereference]
> n->is_possible_guard = 0;
> ~~~~~~~~~~~~~~~~~~~~~^~~
Each of these should be an easy fix, other locations in this test module
call `tt_assert` before using the returned ref from
`bfn_mock_node_get_by_id`.
> }}}
> at a stable Gentoo hardened Linux with app-forensics/afl 2.52b and gcc
(Gentoo Hardened 6.4.0-r1 p1.3) 6.4.0
>
This is only triggered at higher optimization level on amd64, as far as i
can tell. Specifically, I trigger it with -O3 (but not -O1 or -O2):
`./configure --enable-fatal-warnings --disable-asciidoc CFLAGS="-O3"`
I'm not sure exactly which optimization(s) cause these warnings. The gcc
man page for -Wnull-dereference says "This option is only active when
-fdelete-null-pointer-checks is active", but there are additional
optimizations required for triggering this - I'm just not sure which ones.
With regard to the `router.c` warnings above, I'm concerned the preceding
null checks are being optimized away at -O3, but I haven't confirmed this.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26269#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list