Opened 3 years ago

Closed 3 years ago

#20938 closed defect (fixed)

Test: memory leak in single onion service test

Reported by: dgoulet Owned by:
Priority: Medium Milestone: Tor: 0.2.9.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: test
Cc: Actual Points:
Parent ID: Points: 0.1
Reviewer: Sponsor:

Description

Found by the expensive hardening:

hs/single_onion_poisoning_create_dir_none: [forking] 
=================================================================
==29309==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 102 byte(s) in 2 object(s) allocated from:
    #0 0x7f93a6775eb0 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc6eb0)
    #1 0x7f93a41dcbf9 in __strdup (/lib/x86_64-linux-gnu/libc.so.6+0x8cbf9)

SUMMARY: AddressSanitizer: 102 byte(s) leaked in 2 allocation(s).
OK
hs/single_onion_poisoning_create_dir1: [forking] 
=================================================================
==29311==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 102 byte(s) in 2 object(s) allocated from:
    #0 0x7f93a6775eb0 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc6eb0)
    #1 0x7f93a41dcbf9 in __strdup (/lib/x86_64-linux-gnu/libc.so.6+0x8cbf9)

SUMMARY: AddressSanitizer: 102 byte(s) leaked in 2 allocation(s).
OK
hs/single_onion_poisoning_create_dir2: [forking] 
=================================================================
==29313==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 102 byte(s) in 2 object(s) allocated from:
    #0 0x7f93a6775eb0 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc6eb0)
    #1 0x7f93a41dcbf9 in __strdup (/lib/x86_64-linux-gnu/libc.so.6+0x8cbf9)

SUMMARY: AddressSanitizer: 102 byte(s) leaked in 2 allocation(s).
OK
hs/single_onion_poisoning_create_dir_both: [forking] 
=================================================================
==29315==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 102 byte(s) in 2 object(s) allocated from:
    #0 0x7f93a6775eb0 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc6eb0)
    #1 0x7f93a41dcbf9 in __strdup (/lib/x86_64-linux-gnu/libc.so.6+0x8cbf9)

SUMMARY: AddressSanitizer: 102 byte(s) leaked in 2 allocation(s).
OK

Patch coming up.

Child Tickets

Change History (6)

comment:1 Changed 3 years ago by dgoulet

Keywords: test added
Points: 0.1
Status: newmerge_ready

See branch: bug20938_029_01. Putting this ticket in merge_ready as the fix is trivial.

comment:2 Changed 3 years ago by teor

Status: merge_readyneeds_revision

Applying this patch will cause a double-free in master.

Last edited 3 years ago by teor (previous) (diff)

comment:3 Changed 3 years ago by teor

The correct fix is to remove these two lines:

  /* The services own the directory pointers now */
  dir1 = dir2 = NULL;

comment:4 in reply to:  2 Changed 3 years ago by dgoulet

Replying to teor:

Applying this patch will cause a double-free in master.

I don't see it... but maybe it's early morning :P.

We put the dir1/dir2 string in the service object and then we nullify their pointers so the tor_free() later will _not_ free their values leading to one single free within the service free?

  service_1->directory = dir1;
  service_2->directory = dir2;
  /* The services own the directory pointers now */
  dir1 = dir2 = NULL;

What am I missing?

comment:5 Changed 3 years ago by teor

Status: needs_revisionmerge_ready

Oh yeah, either way works. Oops. I blame it being a late night for me.

comment:6 Changed 3 years ago by nickm

Resolution: fixed
Status: merge_readyclosed

Merged dgoulet's branch to to 0.2.9 and forward. Thanks!

Note: See TracTickets for help on using tickets.