Re: [tor-bugs] #20103 [Core Tor/Tor]: Crash on OpenBSD: tor invoked from Tor Browser 6.0.4
#20103: Crash on OpenBSD: tor invoked from Tor Browser 6.0.4
-----------------------------------------+---------------------------------
Reporter: attila                         | Owner:
Type: defect                             | Status: new
Priority: High                           | Milestone: Tor: 0.2.9.x-final
Component: Core Tor/Tor                  | Version: Tor: 0.2.8.7
Severity: Normal                         | Resolution:
Keywords: bug regression 028-backport    | Actual Points:
Parent ID:                               | Points:
Reviewer:                                | Sponsor:
-----------------------------------------+---------------------------------
Comment (by rubiate):
Still crashes with the bug20103_028 branch.
{{{
==17092==ERROR: AddressSanitizer: heap-use-after-free on address 0x60e0004d8bb8 at pc 0x7fd113288016 bp 0x7ffc5d960c30 sp 0x7ffc5d960c28
READ of size 2 at 0x60e0004d8bb8 thread T0
    #0 0x7fd113288015 in tor_addr_family src/common/address.h:155
    #1 0x7fd113288015 in tor_addr_is_null src/common/address.c:871
    #2 0x7fd113288458 in tor_addr_is_valid src/common/address.c:932
    #3 0x7fd112faee5b in node_get_all_orports src/or/nodelist.c:836
    #4 0x7fd113265e4a in node_is_a_configured_bridge src/or/entrynodes.c:1871
    #5 0x7fd11327290a in any_bridge_supports_microdescriptors src/or/entrynodes.c:2487
    #6 0x7fd112f99229 in we_use_microdescriptors_for_circuits src/or/microdesc.c:924
    #7 0x7fd112f99553 in usable_consensus_flavor src/or/microdesc.c:961
    #8 0x7fd112fa32ae in networkstatus_set_current_consensus src/or/networkstatus.c:1686
    #9 0x7fd11320263c in connection_dir_client_reached_eof src/or/directory.c:2009
    #10 0x7fd113206e99 in connection_dir_reached_eof src/or/directory.c:2471
    #11 0x7fd1131a996e in connection_reached_eof src/or/connection.c:4841
    #12 0x7fd1131a996e in connection_handle_read_impl src/or/connection.c:3528
    #13 0x7fd112f84b67 in conn_read_callback src/or/main.c:803
    #14 0x7fd1111c93db in event_base_loop (/usr/lib/x86_64-linux-gnu/libevent-2.0.so.5+0x103db)
    #15 0x7fd112f86396 in run_main_loop_once src/or/main.c:2543
    #16 0x7fd112f86396 in run_main_loop_until_done src/or/main.c:2589
    #17 0x7fd112f86396 in do_main_loop src/or/main.c:2515
    #18 0x7fd112f8bb94 in tor_main src/or/main.c:3646
    #19 0x7fd112f7965b in main src/or/tor_main.c:30
    #20 0x7fd10f6eab44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
    #21 0x7fd112f7c01a (tor/src/or/tor+0x56501a)

0x60e0004d8bb8 is located 88 bytes inside of 160-byte region [0x60e0004d8b60,0x60e0004d8c00)
freed by thread T0 here:
    #0 0x7fd111971527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527)
    #1 0x7fd112f9b9f9 in networkstatus_vote_free src/or/networkstatus.c:313
    #2 0x7fd112fa357a in networkstatus_set_current_consensus src/or/networkstatus.c:1660
    #3 0x7fd11320263c in connection_dir_client_reached_eof src/or/directory.c:2009
    #4 0x7fd113206e99 in connection_dir_reached_eof src/or/directory.c:2471
    #5 0x7fd1131a996e in connection_reached_eof src/or/connection.c:4841
    #6 0x7fd1131a996e in connection_handle_read_impl src/or/connection.c:3528
    #7 0x7fd112f84b67 in conn_read_callback src/or/main.c:803
    #8 0x7fd1111c93db in event_base_loop (/usr/lib/x86_64-linux-gnu/libevent-2.0.so.5+0x103db)
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20103#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online