Opened 3 years ago

Closed 3 years ago

#23372 closed defect (fixed)

test: stack-use-after-scope in hs_service/build_update_descriptors

Reported by: dgoulet Owned by:
Priority: High Milestone: Tor: 0.3.2.x-final
Component: Core Tor/Tor Version:
Severity: Blocker Keywords: tor-test, tor-hs prop224
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Here is the libasan stacktrace:

==32333==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffd2c537fe8 at pc 0x55a25e624399 bp 0x7ffd2c537920 sp 0x7ffd2c537910
READ of size 1 at 0x7ffd2c537fe8 thread T0
    #0 0x55a25e624398 in node_allows_single_hop_exits src/or/nodelist.c:984
    #1 0x55a25e708afb in router_choose_random_node src/or/routerlist.c:2815
    #2 0x55a25e5c2493 in pick_intro_point src/or/hs_service.c:1406
    #3 0x55a25e5c2493 in pick_needed_intro_points src/or/hs_service.c:1498
    #4 0x55a25e5c2493 in update_service_descriptor src/or/hs_service.c:1589
    #5 0x55a25e5c2493 in update_all_descriptors src/or/hs_service.c:1622
    #6 0x55a25e1337c6 in test_build_update_descriptors src/test/test_hs_service.c:1140
    #7 0x55a25e31f01a in testcase_run_bare_ src/ext/tinytest.c:106
    #8 0x55a25e31f989 in testcase_run_forked_ src/ext/tinytest.c:190
    #9 0x55a25e31f989 in testcase_run_one src/ext/tinytest.c:248
    #10 0x55a25e321013 in tinytest_main src/ext/tinytest.c:435
    #11 0x55a25dee3200 in main src/test/testing_common.c:319
    #12 0x7f11c6e08420 in __libc_start_main (/lib/x86_64-linux-gnu/
    #13 0x55a25dee5ee9 in _start (src/test/test+0x956ee9)

The issue seems to be that we use routerinfo_t ri; on the stack and then assign it to a node_t with nodelist_set_routerinfo(&ri, NULL).

Child Tickets

Change History (4)

comment:1 Changed 3 years ago by nickm

Priority: MediumHigh

comment:2 Changed 3 years ago by nickm

Keywords: prop224 added
Severity: NormalBlocker

comment:3 Changed 3 years ago by dgoulet

Fix will be part of #23387.

comment:4 Changed 3 years ago by asn

Resolution: fixed
Status: newclosed

Fixed with f2c93f9 as part of #23387.

Note: See TracTickets for help on using tickets.