[tor-bugs] #30996 [Core Tor/Tor]: namemap_get_or_create_id reads past its allocated memory
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jun 26 20:08:06 UTC 2019
#30996: namemap_get_or_create_id reads past its allocated memory
-------------------------------------+------------------------------------
Reporter: arma | Owner: nickm
Type: defect | Status: accepted
Priority: High | Milestone: Tor: 0.4.1.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: 041-must 041-regression | Actual Points:
Parent ID: | Points: 0.5
Reviewer: | Sponsor:
-------------------------------------+------------------------------------
Comment (by nickm):
"32 bytes inside a block of size 33" sounds legal to me... but a "read of
size 4" here would of course not be illegal.
I note that line 29 is:
{{{
return (unsigned) siphash24g(a->name, strlen(a->name));
}}}
So unless it's actually complaining about siphash24g, it's complaining
about strlen(). I wonder if there is an issue with an optimized strlen
you have? Sometimes valgrind doesn't understand those. For example see
https://bugzilla.redhat.com/show_bug.cgi?id=518247 .
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30996#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
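
An added example, not part of the ticket or of Tor's code: a small C helper that takes the two memcheck lines quoted in the comment above and works out which bytes the read covers relative to the end of the block. The function names and the sample report lines are constructed for illustration; only the numbers (size 4, offset 32, block size 33) come from the ticket.

```c
#include <stdio.h>
#include <string.h>

/* Result of triaging one memcheck "Invalid read" record. */
struct read_triage {
    unsigned long access_size;  /* bytes read by the faulting instruction */
    unsigned long offset;       /* where the read starts inside the block */
    unsigned long block_size;   /* size of the heap block */
    long overrun;               /* bytes of the read past the block's end */
};

/* Parse the two memcheck lines; return 0 on success, -1 if they do not match. */
int triage_invalid_read(const char *access_line, const char *addr_line,
                        struct read_triage *out)
{
    const char *p = strstr(access_line, "Invalid read of size ");
    const char *q = strstr(addr_line, " is ");
    if (!p || !q)
        return -1;
    if (sscanf(p, "Invalid read of size %lu", &out->access_size) != 1)
        return -1;
    if (sscanf(q, " is %lu bytes inside a block of size %lu",
               &out->offset, &out->block_size) != 2)
        return -1;
    long end = (long)(out->offset + out->access_size);
    out->overrun = end > (long)out->block_size ? end - (long)out->block_size : 0;
    return 0;
}

/* Shape left by a word-at-a-time strlen: the read starts inside the block,
 * is wider than one byte, and only its tail runs past the end. */
int is_word_tail_overread(const struct read_triage *t)
{
    return t->access_size > 1 && t->offset < t->block_size &&
           t->overrun > 0 && (unsigned long)t->overrun < t->access_size;
}

int main(void)
{
    /* Constructed sample lines in memcheck's format, using the ticket's numbers. */
    struct read_triage t;
    if (triage_invalid_read("==1== Invalid read of size 4",
            "==1==  Address 0x0 is 32 bytes inside a block of size 33 alloc'd", &t))
        return 1;
    printf("read covers [%lu,%lu) of a %lu-byte block: %ld past end, word-tail=%d\n",
           t.offset, t.offset + t.access_size, t.block_size, t.overrun,
           is_word_tail_overread(&t));
    return 0;
}
```

A byte-wise strlen would show up as a read of size 1 with no overrun at this offset; a multi-byte read whose tail alone crosses the block end is the shape to compare against the strlen implementation actually linked in.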