
Re: [tor-bugs] #14803 [Tor]: Tor segfault with hidden service SETCONF



#14803: Tor segfault with hidden service SETCONF
--------------------------+-----------------
     Reporter:  atagar    |      Owner:
         Type:  defect    |     Status:  new
     Priority:  critical  |  Milestone:
    Component:  Tor       |    Version:
   Resolution:            |   Keywords:
Actual Points:            |  Parent ID:
       Points:            |
--------------------------+-----------------

Comment (by arma):

 Replying to [comment:2 arma]:
 > ==13438== Invalid write of size 1
 > ==13438==    at 0x168973: rend_config_services (rendservice.c:407)

 That line is
 {{{
     result->unix_addr[0] = '\0';
 }}}

 And unix_addr is
 {{{
 char unix_addr[FLEXIBLE_ARRAY_MEMBER];
 }}}

 What, you might ask, is FLEXIBLE_ARRAY_MEMBER?

 I don't know either, but my orconfig.h says it is
 {{{
 /* Define to nothing if C supports flexible array members, and to 1 if it does
    not. That way, with a declaration like `struct s { int n; double
    d[FLEXIBLE_ARRAY_MEMBER]; };', the struct hack can be used with pre-C99
    compilers. When computing the size of such an object, don't use 'sizeof
    (struct s)' as it overestimates the size. Use 'offsetof (struct s, d)'
    instead. Don't use 'offsetof (struct s, d[0])', as this doesn't work with
    MSVC and with C++ compilers. */
 #define FLEXIBLE_ARRAY_MEMBER /**/
 }}}

 So it is nothing at all.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14803#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
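
An added example, not part of the ticket or of Tor's source: it shows that a flexible array member such as `unix_addr` contributes no storage of its own, so a write to its first element is in bounds only when the allocation reserved extra bytes past `offsetof`. The struct `port_cfg`, its fields other than `unix_addr`, the function names and the socket path are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical struct for illustration; not Tor's definition. */
struct port_cfg {
  uint16_t virtual_port;
  uint16_t real_port;
  char unix_addr[];  /* flexible array member: adds no storage itself */
};

/* Bytes an allocation of alloc_size leaves for unix_addr (0 if none). */
static size_t unix_addr_capacity(size_t alloc_size) {
  size_t hdr = offsetof(struct port_cfg, unix_addr);
  return alloc_size > hdr ? alloc_size - hdr : 0;
}

/* Size needed for a path of path_len bytes plus its NUL; 0 on overflow. */
static size_t port_cfg_alloc_size(size_t path_len) {
  size_t hdr = offsetof(struct port_cfg, unix_addr);
  if (path_len > SIZE_MAX - hdr - 1)
    return 0;
  return hdr + path_len + 1;
}

/* Allocate a config; unix_path may be NULL, meaning an empty path. */
static struct port_cfg *port_cfg_new(const char *unix_path) {
  size_t len = unix_path ? strlen(unix_path) : 0;
  size_t sz = port_cfg_alloc_size(len);
  struct port_cfg *cfg;
  if (sz == 0 || (cfg = calloc(1, sz)) == NULL)
    return NULL;
  if (len)
    memcpy(cfg->unix_addr, unix_path, len);
  cfg->unix_addr[len] = '\0';  /* in bounds: one byte was reserved for it */
  return cfg;
}

int main(void) {
  struct port_cfg *cfg = port_cfg_new("/constructed/hs.sock");
  if (!cfg) return 1;
  printf("room after sizeof-only alloc: %zu\n",
         unix_addr_capacity(sizeof(struct port_cfg)));
  printf("path stored: %s\n", cfg->unix_addr);
  free(cfg);
  return 0;
}
```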