#30996: namemap_get_or_create_id reads past its allocated memory
------------------------------+--------------------
Reporter: arma | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+--------------------
running valgrind on moria1, running git master
{{{
Jun 26 15:48:27.309 [notice] Tor 0.4.2.0-alpha-dev (git-6afe1b00c9c73b1b)
running on Linux with Libevent 2.2.0-alpha-dev, OpenSSL 1.0.1e-fips, Zlib
1.2.3, Liblzma N/A, and Libzstd N/A.
}}}
I get at startup a pile of these:
{{{
==48499== Invalid read of size 4
==48499== at 0x30E83A: namemap_get_or_create_id (namemap.c:29)
==48499== by 0x301792: get_subsys_id (dispatch_naming.c:62)
==48499== by 0x169D75: subsystems_add_pubsub_upto (subsysmgr.c:131)
==48499== by 0x168A95: tor_run_main (main.c:1239)
==48499== by 0x165D52: tor_main (tor_api.c:164)
==48499== by 0x1659D8: main (tor_main.c:32)
==48499== Address 0x72bdc40 is 32 bytes inside a block of size 33 alloc'd
==48499== at 0x4A06A2E: malloc (vg_replace_malloc.c:270)
==48499== by 0x322397: tor_malloc_ (malloc.c:45)
==48499== by 0x322685: tor_malloc_zero_ (malloc.c:71)
==48499== by 0x30E7F6: namemap_get_or_create_id (namemap.c:147)
==48499== by 0x301792: get_subsys_id (dispatch_naming.c:62)
==48499== by 0x169D75: subsystems_add_pubsub_upto (subsysmgr.c:131)
==48499== by 0x168A95: tor_run_main (main.c:1239)
==48499== by 0x165D52: tor_main (tor_api.c:164)
==48499== by 0x1659D8: main (tor_main.c:32)
}}}
Looks like it's allocating some space, and then trying to use more than it
allocated?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30996>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online