Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#7308 closed defect (fixed)

libevent used uninitialized on faulty code path

Reported by: ultramage Owned by:
Priority: Medium Milestone: Tor: 0.2.4.x-final
Component: Core Tor/Tor Version:
Severity: Keywords: msvc tor-client
Cc: Actual Points:
Parent ID: #7754 Points:
Reviewer: Sponsor:


[warn] warning from libevent: event_add: event has no event_base set.

The modern libevent provides reentrant functions (base* parameter), but it still exposes the old interface and deprecated global state variables. Tor's tor_libevent_initialize() decides to use the new interface, and completely skips the old event_init() call which would initialize the global state.

In src/ocmmon/compat_libevent.h, the function tor_event_base_loopexit() is #ifdefed based on a configure variable called HAVE_EVENT_BASE_LOOPEXIT. If it's defined, it forwards to libevent, otherwise it expands to a helper function. This function calls one of the old interfaces that rely on global state.

The bug is that current src/win32/orconfig.h defines HAVE_EVENT2_EVENT_H but does not define HAVE_EVENT_BASE_LOOPEXIT. This causes the abovementioned code to skip initializing the old global libevent state, but then later ends up calling a function that depends on it.

Adding #define HAVE_EVENT_BASE_LOOPEXIT to orconfig.h fixes it.

Child Tickets

Change History (6)

comment:1 Changed 8 years ago by nickm

Keywords: tor-client added
Milestone: Tor: 0.2.3.x-final
Status: newneeds_review

Possibly this should target 0.2.3? Though MSVC is only semi-supported there. Seems obviously right though.

comment:2 Changed 8 years ago by ultramage

Summary: libevent doesn't work because of faulty code pathlibevent used uninitialized on faulty code path

Just for reference, this is caused by defined(HAVE_EVENT2_EVENT_H) && !defined(HAVE_EVENT_BASE_LOOPEXIT).

comment:3 Changed 8 years ago by nickm

Milestone: Tor: 0.2.3.x-finalTor: 0.2.4.x-final

(Given the volume of other msvc issues, I think this one is likely to be an 0.2.4, really)

comment:4 Changed 8 years ago by nickm

Parent ID: #7754

comment:5 Changed 8 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

Fixed in 2645de704be23e1a4a2f565f10e4c81c8db0c82a. Thanks!

comment:6 Changed 8 years ago by nickm

Hm. This was also done in branch 024_msvc. Will have to resolve the conflict on merging that one.

Note: See TracTickets for help on using tickets.