uninitialized timeval causing valgrind errors
I noticed some valgrind errors while debugging Tor 0.2.5.2-alpha in Shadow. The problem still exists in Tor master as of today.
In circuituse.c, line 1518, old_timestamp_began is declared as a struct timeval but never initialized before being used on line 1556:
    control_event_circuit_cannibalized(circ, old_purpose, &old_timestamp_began);
Should old_timestamp_began have been set to circ->base_.timestamp_began before updating circ->base_.timestamp_began in line 1553?
Some valgrind backtraces:
==28186== Conditional jump or move depends on uninitialised value(s)
==28186== at 0x3F2EC48DF9: vfprintf (vfprintf.c:1635)
==28186== by 0x3F2EC74CB2: vasprintf (vasprintf.c:62)
==28186== by 0x5FDEBEF: tor_vasprintf (compat.c:435)
==28186== by 0x5EAC662: send_control_event_impl (control.c:615)
==28186== by 0x5EA71C5: send_control_event (control.c:635)
==28186== by 0x5EA75BF: control_event_circuit_status_minor (control.c:3586)
==28186== by 0x5EA7649: control_event_circuit_cannibalized (control.c:3621)
==28186== by 0x5F7A748: circuit_launch_by_extend_info (circuituse.c:1555)
==28186== by 0x5F7CACA: circuit_get_open_circ_or_launch (circuituse.c:1844)
==28186== by 0x5F7B725: connection_ap_handshake_attach_circuit (circuituse.c:2149)
==28186== by 0x5F9C34E: connection_ap_make_link (connection_edge.c:2025)
==28186== by 0x5EF2EF8: directory_initiate_command_rend (directory.c:1029)
==28186== Uninitialised value was created by a stack allocation
==28186== at 0x5E82580: ??? (in /tmp/I2JBEX-libshadow-plugin-scallion.so)
==28186== Conditional jump or move depends on uninitialised value(s)
==28186== at 0x3F2ECB4DB1: __strftime_internal (strftime_l.c:993)
==28186== by 0x3F2ECB6622: strftime_l (strftime_l.c:481)
==28186== by 0x5FEAA47: format_iso_time (util.c:1500)
==28186== by 0x5FEAA7C: format_iso_time_nospace (util.c:1508)
==28186== by 0x5FEAAF9: format_iso_time_nospace_usec (util.c:1519)
==28186== by 0x5EA7417: control_event_circuit_status_minor (control.c:3566)
==28186== by 0x5EA7649: control_event_circuit_cannibalized (control.c:3621)
==28186== by 0x5F7A748: circuit_launch_by_extend_info (circuituse.c:1555)
==28186== by 0x5F7CACA: circuit_get_open_circ_or_launch (circuituse.c:1844)
==28186== by 0x5F7B725: connection_ap_handshake_attach_circuit (circuituse.c:2149)
==28186== by 0x5F9C34E: connection_ap_make_link (connection_edge.c:2025)
==28186== by 0x5EF2EF8: directory_initiate_command_rend (directory.c:1029)
==28186== Uninitialised value was created by a stack allocation
==28186== at 0x5E82580: ??? (in /tmp/I2JBEX-libshadow-plugin-scallion.so)
==28186== Conditional jump or move depends on uninitialised value(s)
==28186== at 0x5FE2296: correct_tm (compat.c:2559)
==28186== by 0x5FE2516: tor_gmtime_r (compat.c:2673)
==28186== by 0x5FEAA2A: format_iso_time (util.c:1500)
==28186== by 0x5FEAA7C: format_iso_time_nospace (util.c:1508)
==28186== by 0x5FEAAF9: format_iso_time_nospace_usec (util.c:1519)
==28186== by 0x5EA7417: control_event_circuit_status_minor (control.c:3566)
==28186== by 0x5EA7649: control_event_circuit_cannibalized (control.c:3621)
==28186== by 0x5F7A748: circuit_launch_by_extend_info (circuituse.c:1555)
==28186== by 0x5F7CACA: circuit_get_open_circ_or_launch (circuituse.c:1844)
==28186== by 0x5F7B725: connection_ap_handshake_attach_circuit (circuituse.c:2149)
==28186== by 0x5F9C34E: connection_ap_make_link (connection_edge.c:2025)
==28186== by 0x5EF2EF8: directory_initiate_command_rend (directory.c:1029)
==28186== Uninitialised value was created by a stack allocation
==28186== at 0x5E82580: ??? (in /tmp/I2JBEX-libshadow-plugin-scallion.so)
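A self-contained C sketch of the pattern the ticket describes and of the fix it suggests (copy the old timestamp before the field is overwritten). This is an added example, not Tor's code: circuit_t, emit_cannibalized_event(), cannibalize_reported() and cannibalize_fixed() are hypothetical stand-ins for the real circuit struct, for control_event_circuit_cannibalized() and for the relevant lines of circuit_launch_by_extend_info(), and the event text is only an approximation of the control-port output. The timestamps are constructed sample values.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
#include <time.h>

/* Hypothetical, trimmed-down stand-in for Tor's circuit struct: only the two
 * fields this ticket touches. */
typedef struct {
  int purpose;
  struct timeval timestamp_began;
} circuit_t;

/* Stand-in for control_event_circuit_cannibalized(). It formats the old
 * timestamp with gmtime_r()/strftime(), much as format_iso_time_nospace_usec()
 * does, which is why an uninitialised timeval surfaces inside those calls in
 * the valgrind traces above. Event text is approximated, not Tor's exact
 * format. Returns the length of the event text, or -1 on error. */
static int
emit_cannibalized_event(char *out, size_t outlen, int old_purpose,
                        const struct timeval *old_timestamp_began)
{
  struct tm tm;
  char stamp[32];
  time_t secs = (time_t)old_timestamp_began->tv_sec;

  if (!gmtime_r(&secs, &tm))
    return -1;
  strftime(stamp, sizeof(stamp), "%Y-%m-%dT%H:%M:%S", &tm);
  return snprintf(out, outlen, "OLD_PURPOSE=%d OLD_TIME_CREATED=%s.%06ld",
                  old_purpose, stamp, (long)old_timestamp_began->tv_usec);
}

/* The shape reported in the ticket: old_timestamp_began is declared and then
 * handed to the event function without ever being assigned, so whatever the
 * stack happened to hold is formatted as a time. Kept only so the reader can
 * watch valgrind flag it; deliberately not exercised by the test. */
static int
cannibalize_reported(circuit_t *circ, int new_purpose, struct timeval now,
                     char *out, size_t outlen)
{
  int old_purpose = circ->purpose;
  struct timeval old_timestamp_began;          /* never assigned */

  circ->purpose = new_purpose;
  circ->timestamp_began = now;                 /* old value is now lost */
  return emit_cannibalized_event(out, outlen, old_purpose, &old_timestamp_began);
}

/* The fix the ticket asks about: save the old timestamp before overwriting
 * the field, then report the saved copy. */
static int
cannibalize_fixed(circuit_t *circ, int new_purpose, struct timeval now,
                  char *out, size_t outlen)
{
  int old_purpose = circ->purpose;
  struct timeval old_timestamp_began = circ->timestamp_began;  /* saved first */

  circ->purpose = new_purpose;
  circ->timestamp_began = now;
  return emit_cannibalized_event(out, outlen, old_purpose, &old_timestamp_began);
}

int main(void)
{
  /* Constructed sample: circuit began 2014-03-15T12:00:00.000250Z, and is
   * cannibalised one minute later. */
  circuit_t circ = { 3, { 1394884800, 250 } };
  struct timeval now = { 1394884860, 0 };
  char event[128];

  if (cannibalize_fixed(&circ, 5, now, event, sizeof(event)) < 0)
    return 1;
  puts(event);
  return 0;
}
```

Build with -g -O0 and run under valgrind --track-origins=yes; the "Uninitialised value was created by a stack allocation" lines in the traces above are what --track-origins adds. Switching main() to call cannibalize_reported() instead should reproduce the "Conditional jump or move depends on uninitialised value(s)" complaint inside gmtime_r()/strftime(), while the fixed path stays clean.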