#23372: test: stack-use-after-scope in hs_service/build_update_descriptors ------------------------------+-------------------------------- Reporter: dgoulet | Owner: (none) Type: defect | Status: new Priority: Medium | Milestone: Tor: 0.3.2.x-final Component: Core Tor/Tor | Version: Severity: Normal | Keywords: tor-test, tor-hs Actual Points: | Parent ID: Points: | Reviewer: Sponsor: | ------------------------------+-------------------------------- Here is the libasan stacktrace: {{{ ==32333==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffd2c537fe8 at pc 0x55a25e624399 bp 0x7ffd2c537920 sp 0x7ffd2c537910 READ of size 1 at 0x7ffd2c537fe8 thread T0 #0 0x55a25e624398 in node_allows_single_hop_exits src/or/nodelist.c:984 #1 0x55a25e708afb in router_choose_random_node src/or/routerlist.c:2815 #2 0x55a25e5c2493 in pick_intro_point src/or/hs_service.c:1406 #3 0x55a25e5c2493 in pick_needed_intro_points src/or/hs_service.c:1498 #4 0x55a25e5c2493 in update_service_descriptor src/or/hs_service.c:1589 #5 0x55a25e5c2493 in update_all_descriptors src/or/hs_service.c:1622 #6 0x55a25e1337c6 in test_build_update_descriptors src/test/test_hs_service.c:1140 #7 0x55a25e31f01a in testcase_run_bare_ src/ext/tinytest.c:106 #8 0x55a25e31f989 in testcase_run_forked_ src/ext/tinytest.c:190 #9 0x55a25e31f989 in testcase_run_one src/ext/tinytest.c:248 #10 0x55a25e321013 in tinytest_main src/ext/tinytest.c:435 #11 0x55a25dee3200 in main src/test/testing_common.c:319 #12 0x7f11c6e08420 in __libc_start_main (/lib/x86_64-linux- gnu/libc.so.6+0x20420) #13 0x55a25dee5ee9 in _start (src/test/test+0x956ee9) }}}
The issue seems to be that we use `routerinfo_t ri;` on the stack and then assign it to a `node_t` with `nodelist_set_routerinfo(&ri, NULL)`. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23372> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs