Re: [tor-bugs] #15901 [Tor]: apparent memory corruption -- very difficult to isolate
#15901: apparent memory corruption -- very difficult to isolate
---------------------------+--------------------------------
 Reporter:       starlight |      Owner:
 Type:           defect    |     Status:  new
 Priority:       critical  |  Milestone:  Tor: 0.2.7.x-final
 Component:      Tor       |    Version:  Tor: 0.2.6.10
 Resolution:               |   Keywords:
 Actual Points:            |  Parent ID:
 Points:                   |
---------------------------+--------------------------------
Comment (by starlight):

A counter-argument exists to the idea that
zlib INFLATE is the cause. The corruption
is exactly eight bytes and is 64-bit aligned
in memory. I'm going back and looking at
all the core files to see if this pattern
is the same.

INFLATE works with arbitrary length dictionary
strings and the probability that the bad
one is eight bytes on an eight-byte memory
boundary is not especially high. Edge
of the string is in the middle of a 160-bit
SHA1 hash and one would expect uniqueness
to extend further. I'll also try running
a debug zlib deflate/inflate of this
consensus document to see what the dictionary
and token stream look like.

If the other cores look the same and zlib
compression boundaries don't match the corruption,
I'm back at "semi-random memory pointer corruption"
and will proceed with write-protecting the
consensus document, making sure to do it
incrementally as it is uncompressed.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15901#comment:27>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
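
The incremental write-protection mentioned in the comment above, sketched as an added example (not code from the ticket or from Tor): an output buffer whose pages are made read-only with mprotect() as soon as they fill, so a stray write faults at the offending instruction. The guarded_buf type and gb_* names are hypothetical, and a POSIX system with anonymous mmap is assumed.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical buffer: base mapping, its size, bytes written,
 * bytes already read-only (page multiple), and the page size. */
struct guarded_buf { uint8_t *base; size_t cap, len, locked, page; };

int gb_init(struct guarded_buf *b, size_t cap) {
    b->page = (size_t)sysconf(_SC_PAGESIZE);
    b->cap = (cap + b->page - 1) / b->page * b->page;
    b->len = b->locked = 0;
    b->base = mmap(NULL, b->cap, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return b->base == MAP_FAILED ? -1 : 0;
}

/* Make [locked, upto) read-only; upto must be a page multiple. */
static int gb_lock(struct guarded_buf *b, size_t upto) {
    if (upto <= b->locked) return 0;
    if (mprotect(b->base + b->locked, upto - b->locked, PROT_READ)) return -1;
    b->locked = upto;
    return 0;
}

/* Append one inflated chunk, then lock every page that is now complete. */
int gb_append(struct guarded_buf *b, const void *src, size_t n) {
    if (n > b->cap - b->len) return -1;
    memcpy(b->base + b->len, src, n);
    b->len += n;
    return gb_lock(b, b->len / b->page * b->page);
}

/* End of stream: lock the final, partially filled page as well. */
int gb_seal(struct guarded_buf *b) {
    return gb_lock(b, (b->len + b->page - 1) / b->page * b->page);
}

/* Probe in a child process: 1 if a write at base+off dies with SIGSEGV. */
int gb_write_faults(const struct guarded_buf *b, size_t off) {
    int st = 0;
    pid_t pid = fork();
    if (pid == 0) { ((volatile uint8_t *)b->base)[off] = 0xff; _exit(0); }
    if (pid < 0 || waitpid(pid, &st, 0) < 0) return -1;
    return WIFSIGNALED(st) && WTERMSIG(st) == SIGSEGV;
}
```

Protection is page-granular, so the last partial page stays writable until gb_seal() is called at the end of decompression.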