[tor-bugs] #27893 [Core Tor/Tor]: memory leak in dump_config()
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Sep 27 16:46:59 UTC 2018
#27893: memory leak in dump_config()
------------------------------+--------------------------------
Reporter: nickm | Owner: nickm
Type: defect | Status: assigned
Priority: Medium | Milestone: Tor: 0.3.5.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+--------------------------------
I build with AddressSanitizer and run `./src/app/tor --dump-config non-
builtin`. This gives me:
{{{
Direct leak of 39 byte(s) in 2 object(s) allocated from:
#0 0x7fc058908c48 in malloc (/lib64/libasan.so.5+0xeec48)
#1 0x7fc055a14c37 in __GI___vasprintf_chk (/lib64/libc.so.6+0x10ac37)
Direct leak of 17 byte(s) in 1 object(s) allocated from:
#0 0x7fc058855320 in strdup (/lib64/libasan.so.5+0x3b320)
#1 0x55c6f60d7780 in tor_strdup_ src/lib/malloc/malloc.c:165
#2 0x55c6f5f5b327 in validate_data_directories
src/app/config/config.c:7856
#3 0x55c6f5f5b327 in options_validate src/app/config/config.c:3385
#4 0x55c6f5f6c3d5 in options_validate_cb src/app/config/config.c:3146
#5 0x55c6f5f8df68 in config_dump src/app/config/confparse.c:964
#6 0x55c6f5a43cda in do_dump_config src/app/main/main.c:950
#7 0x55c6f5a43cda in tor_run_main src/app/main/main.c:1502
#8 0x55c6f5a3baab in tor_main src/feature/api/tor_api.c:164
#9 0x55c6f5a361eb in main src/app/main/tor_main.c:32
#10 0x7fc05592d11a in __libc_start_main (/lib64/libc.so.6+0x2311a)
Direct leak of 16 byte(s) in 1 object(s) allocated from:
#0 0x7fc058908c48 in malloc (/lib64/libasan.so.5+0xeec48)
#1 0x55c6f60d74da in tor_malloc_ src/lib/malloc/malloc.c:45
#2 0x55c6f60d3115 in smartlist_new
src/lib/smartlist_core/smartlist_core.c:28
#3 0x55c6f5f6294c in options_validate_scheduler
src/app/config/config.c:3239
#4 0x55c6f5f6294c in options_validate src/app/config/config.c:4533
#5 0x55c6f5f6c3d5 in options_validate_cb src/app/config/config.c:3146
#6 0x55c6f5f8df68 in config_dump src/app/config/confparse.c:964
#7 0x55c6f5a43cda in do_dump_config src/app/main/main.c:950
#8 0x55c6f5a43cda in tor_run_main src/app/main/main.c:1502
#9 0x55c6f5a3baab in tor_main src/feature/api/tor_api.c:164
#10 0x55c6f5a361eb in main src/app/main/tor_main.c:32
#11 0x7fc05592d11a in __libc_start_main (/lib64/libc.so.6+0x2311a)
Indirect leak of 128 byte(s) in 1 object(s) allocated from:
#0 0x7fc058908c48 in malloc (/lib64/libasan.so.5+0xeec48)
#1 0x55c6f60d74da in tor_malloc_ src/lib/malloc/malloc.c:45
#2 0x55c6f60d7571 in tor_malloc_zero_ src/lib/malloc/malloc.c:71
#3 0x55c6f60d31c9 in smartlist_new
src/lib/smartlist_core/smartlist_core.c:31
#4 0x55c6f5f6294c in options_validate_scheduler
src/app/config/config.c:3239
#5 0x55c6f5f6294c in options_validate src/app/config/config.c:4533
#6 0x55c6f5f6c3d5 in options_validate_cb src/app/config/config.c:3146
#7 0x55c6f5f8df68 in config_dump src/app/config/confparse.c:964
#8 0x55c6f5a43cda in do_dump_config src/app/main/main.c:950
#9 0x55c6f5a43cda in tor_run_main src/app/main/main.c:1502
#10 0x55c6f5a3baab in tor_main src/feature/api/tor_api.c:164
#11 0x55c6f5a361eb in main src/app/main/tor_main.c:32
#12 0x7fc05592d11a in __libc_start_main (/lib64/libc.so.6+0x2311a)
Indirect leak of 4 byte(s) in 1 object(s) allocated from:
#0 0x7fc058908c48 in malloc (/lib64/libasan.so.5+0xeec48)
#1 0x55c6f60d74da in tor_malloc_ src/lib/malloc/malloc.c:45
#2 0x55c6f60d7571 in tor_malloc_zero_ src/lib/malloc/malloc.c:71
#3 0x55c6f5f62bc3 in options_validate_scheduler
src/app/config/config.c:3243
#4 0x55c6f5f62bc3 in options_validate src/app/config/config.c:4533
#5 0x55c6f5f6c3d5 in options_validate_cb src/app/config/config.c:3146
#6 0x55c6f5f8df68 in config_dump src/app/config/confparse.c:964
#7 0x55c6f5a43cda in do_dump_config src/app/main/main.c:950
#8 0x55c6f5a43cda in tor_run_main src/app/main/main.c:1502
#9 0x55c6f5a3baab in tor_main src/feature/api/tor_api.c:164
#10 0x55c6f5a361eb in main src/app/main/tor_main.c:32
#11 0x7fc05592d11a in __libc_start_main (/lib64/libc.so.6+0x2311a)
Indirect leak of 4 byte(s) in 1 object(s) allocated from:
#0 0x7fc058908c48 in malloc (/lib64/libasan.so.5+0xeec48)
#1 0x55c6f60d74da in tor_malloc_ src/lib/malloc/malloc.c:45
#2 0x55c6f60d7571 in tor_malloc_zero_ src/lib/malloc/malloc.c:71
#3 0x55c6f5f62a65 in options_validate_scheduler
src/app/config/config.c:3251
#4 0x55c6f5f62a65 in options_validate src/app/config/config.c:4533
#5 0x55c6f5f6c3d5 in options_validate_cb src/app/config/config.c:3146
#6 0x55c6f5f8df68 in config_dump src/app/config/confparse.c:964
#7 0x55c6f5a43cda in do_dump_config src/app/main/main.c:950
#8 0x55c6f5a43cda in tor_run_main src/app/main/main.c:1502
#9 0x55c6f5a3baab in tor_main src/feature/api/tor_api.c:164
#10 0x55c6f5a361eb in main src/app/main/tor_main.c:32
#11 0x7fc05592d11a in __libc_start_main (/lib64/libc.so.6+0x2311a)
Indirect leak of 4 byte(s) in 1 object(s) allocated from:
#0 0x7fc058908c48 in malloc (/lib64/libasan.so.5+0xeec48)
#1 0x55c6f60d74da in tor_malloc_ src/lib/malloc/malloc.c:45
#2 0x55c6f60d7571 in tor_malloc_zero_ src/lib/malloc/malloc.c:71
#3 0x55c6f5f63318 in options_validate_scheduler
src/app/config/config.c:3247
#4 0x55c6f5f63318 in options_validate src/app/config/config.c:4533
#5 0x55c6f5f6c3d5 in options_validate_cb src/app/config/config.c:3146
#6 0x55c6f5f8df68 in config_dump src/app/config/confparse.c:964
#7 0x55c6f5a43cda in do_dump_config src/app/main/main.c:950
#8 0x55c6f5a43cda in tor_run_main src/app/main/main.c:1502
#9 0x55c6f5a3baab in tor_main src/feature/api/tor_api.c:164
#10 0x55c6f5a361eb in main src/app/main/tor_main.c:32
#11 0x7fc05592d11a in __libc_start_main (/lib64/libc.so.6+0x2311a)
}}}
I think this is happening because options_validate is called from
config_dump(), but config_dump() frees defaults_tmp using config_free
instead of or_options_free.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27893>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list