[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #22231 [Core Tor/Tor]: prevent recurrence of CID 1397192

Subject: [tor-bugs] #22231 [Core Tor/Tor]: prevent recurrence of CID 1397192
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 11 May 2017 16:47:08 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 11 May 2017 12:47:18 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#22231: prevent recurrence of CID 1397192
------------------------------+------------------------------
     Reporter:  catalyst      |      Owner:  catalyst
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:  Tor: unspecified
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+------------------------------
 Coverity found a possible double free in CID 1397192, which dgoulet
 dismissed as a False Positive.  I think I found the logic by which
 Coverity considered a double free possible.  The `done` block in
 `test_intro_point_registration()` has some calls to `tt_assert()` that can
 jump backwards if the assertion fails, causing a double free in that
 unlikely event.

 The block that tests `hs_circuitmap_free_all()` should probably be in a
 helper function with its own `done` label that doesn't lead to a double
 free if the assertion fails.

 For reasons I don't understand, it looks like the renames in
 6bacc3c7a88509043613d3bc29534c0ecf8803b1 caused Coverity to no longer see
 this potential double free, even though it looks like it changed nothing
 relevant.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22231>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #22231 [Core Tor/Tor]: prevent recurrence of CID 1397192
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #22231 [Core Tor/Tor]: prevent recurrence of CID 1397192
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #22231 [Core Tor/Tor]: prevent recurrence of CID 1397192
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #22231 [Core Tor/Tor]: prevent recurrence of CID 1397192
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #22200 [User Experience/Website]: Wireframes for support.torproject.org subpages
Next by Author: Re: [tor-bugs] #9390 [Core Tor/Tor]: Warn if you're being a public relay but have too-low file descriptor limit
Previous by thread: Re: [tor-bugs] #17598 [Core Tor/Tor]: Trace cell queue times in Tor to measure Tor application "congestion"
Next by thread: Re: [tor-bugs] #22231 [Core Tor/Tor]: prevent recurrence of CID 1397192
Index(es):
- Author
- Thread