Opened 12 years ago

Last modified 7 years ago

#467 closed defect (Fixed)

r10895 suicide strlcpy.c:56, circuitbuild.c:1757

Reported by: xiando
Owned by:
Priority: Low
Milestone:
Component: Core Tor/Tor
Version: 0.2.0.2-alpha
Severity:
Keywords:
Cc: xiando, nickm
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Checked out revision 10895.

gdb /usr/bin/tor /var/lib/tor/core.17532
GNU gdb Red Hat Linux (6.3.0.0-1.143.el4rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db library "/lib/tls/libthread_db.so.1".

Core was generated by `/usr/bin/tor -f /etc/tor/torrc --pidfile /var/run/tor/tor.pid --log notice file'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /usr/lib/libevent-1.3b.so.1...Reading symbols from /usr/lib/debug/usr/lib/libevent-1.3b.so.1.0.3.debug...done.
done.
Loaded symbols for /usr/lib/libevent-1.3b.so.1
Reading symbols from /lib/libssl.so.4...done.
Loaded symbols for /lib/libssl.so.4
Reading symbols from /lib/libcrypto.so.4...done.
Loaded symbols for /lib/libcrypto.so.4
Reading symbols from /lib/tls/libpthread.so.0...done.
Loaded symbols for /lib/tls/libpthread.so.0
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/tls/libc.so.6...btdone.
Loaded symbols for /lib/tls/libc.so.6
Reading symbols from /usr/lib/libgssapi_krb5.so.2...done.
Loaded symbols for /usr/lib/libgssapi_krb5.so.2
Reading symbols from /usr/lib/libkrb5.so.3...done.
Loaded symbols for /usr/lib/libkrb5.so.3
Reading symbols from /lib/libcom_err.so.2...done.
Loaded symbols for /lib/libcom_err.so.2
Reading symbols from /usr/lib/libk5crypto.so.3...done.
Loaded symbols for /usr/lib/libk5crypto.so.3
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /lib/libnss_dns.so.2...done.
Loaded symbols for /lib/libnss_dns.so.2
#0 strlcpy (dst=0xa80aff0 "", src=0x0, siz=42) at strlcpy.c:56
56 s++;
(gdb) bt
#0 strlcpy (dst=0xa80aff0 "", src=0x0, siz=42) at strlcpy.c:56
#1 0x080529e0 in extend_info_alloc (nickname=0x0, digest=0x9f559b0 "��\224~\215e\004�\001", onion_key=0x9c01520, addr=176205808, port=0)
    at circuitbuild.c:1743
#2 0x08052a3b in extend_info_from_router (r=0x9f55980) at circuitbuild.c:1757
#3 0x080543e1 in circuit_establish_circuit (purpose=Variable "purpose" is not available.
) at circuitbuild.c:1398
#4 0x08059bc1 in circuit_get_open_circ_or_launch (conn=0xa76bf68, desired_circuit_purpose=5 '\005', circp=0xbfe572d8) at circuituse.c:1074
#5 0x0805a663 in connection_ap_handshake_attach_circuit (conn=0xa76bf68) at circuituse.c:1284
#6 0x0806bb19 in connection_ap_attach_pending () at connection_edge.c:443
#7 0x08059554 in circuit_build_needed_circs (now=1185051593) at circuituse.c:454
#8 0x0808b34f in second_elapsed_callback (fd=-1, event=1, args=0x0) at main.c:1035
#9 0x0032e62d in event_base_loop (base=0x9c01520, flags=Variable "flags" is not available.
) at event.c:315
#10 0x0032e6e0 in event_loop (flags=176205808) at event.c:366
#11 0x0808c7d1 in tor_main (argc=15, argv=0xbfe57994) at main.c:1369
#12 0x080b0ac3 in main (argc=15, argv=0xbfe57994) at tor_main.c:28
(gdb)

[Automatically added by flyspray2trac: Operating System: Other Linux]


Change History (6)

comment:1 Changed 12 years ago by nickm

Looks like extend_info_alloc is getting called with nickname=0... but that only happens if the router's nickname is null. Hm. Is that possible now, Roger?

comment:2 Changed 12 years ago by nickm

Could you print (and paste) the value of *r in extend_info_from_router()?

comment:3 Changed 12 years ago by xiando

I removed the core file when I updated to r10909, sorry about that.

But I really would like to know how I'd print (and paste) the value of *r in extend_info_from_router()?

I have no idea what I'd type to get say (r=0x9f55980) from a line like:

#2 0x08052a3b in extend_info_from_router (r=0x9f55980) at circuitbuild.c:1757

comment:4 Changed 12 years ago by nickm

In the future, could you hang on to cores and binaries that produced them when you
use them to submit a bug report?

In this case, you'd say "up 2" to move to stack frame #2, and then "print *r" to look at the contents of *r.

For more information, check out the gdb manual (available in info, html, texi, pdf, etc). It's actually pretty
well written, if you have time to read it.

comment:5 Changed 12 years ago by nickm

flyspray2trac: bug closed.
Fixed in r11293.
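
The crash in frames #0 and #1 of the backtrace, reduced to a stand-alone sketch (an added example, not Tor's code and not the r11293 change): a BSD-style strlcpy dereferences src unconditionally, so the caller has to reject or default a NULL nickname before copying. The `demo_` names are hypothetical, the 42-byte buffer is taken from `siz=42` in the trace, and mapping NULL to an empty name is an assumed policy.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NICK_BUF_LEN 42   /* siz=42 in frame #0 of the backtrace */

/* Hypothetical stand-in for the structure filled by extend_info_alloc(). */
typedef struct {
  char nickname[NICK_BUF_LEN];
  unsigned short port;
} demo_extend_info_t;

/* BSD-style strlcpy: copies at most siz-1 bytes, always NUL-terminates,
 * returns strlen(src). It reads *src unconditionally, so src == NULL
 * faults, which is the s++ crash at strlcpy.c:56 in the report. */
static size_t demo_strlcpy(char *dst, const char *src, size_t siz)
{
  const char *s = src;
  size_t n = siz;
  if (n != 0) {
    while (--n != 0) {
      if ((*dst++ = *s++) == '\0')
        return (size_t)(s - src - 1);
    }
    *dst = '\0';            /* ran out of room: terminate dst */
  }
  while (*s++)              /* walk the rest of src to get its length */
    ;
  return (size_t)(s - src - 1);
}

/* Guarded initializer: a NULL nickname yields an empty name instead of a
 * NULL dereference. Returns 0 on success, -1 if the name was truncated. */
static int demo_extend_info_init(demo_extend_info_t *info,
                                 const char *nickname, unsigned short port)
{
  memset(info, 0, sizeof(*info));
  info->port = port;
  if (nickname == NULL)
    return 0;               /* nickname stays "" */
  if (demo_strlcpy(info->nickname, nickname, sizeof(info->nickname))
      >= sizeof(info->nickname))
    return -1;
  return 0;
}

int main(void)
{
  demo_extend_info_t info;
  int rc = demo_extend_info_init(&info, NULL, 0);  /* nickname=0x0, port=0 */
  printf("rc=%d nickname=\"%s\"\n", rc, info.nickname);
  return 0;
}
```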

comment:6 Changed 7 years ago by nickm

Component: Tor Client → Tor