Opened 11 years ago
Last modified 7 years ago
#948 closed defect (Fixed)
Crash on rendcommon.c:33
Reported by: | xiando | Owned by: | |
---|---|---|---|
Priority: | Low | Milestone: | 0.2.1.x-final |
Component: | Core Tor/Tor | Version: | 0.2.1.12-alpha |
Severity: | Keywords: | ||
Cc: | xiando, karsten, nickm | Actual Points: | |
Parent ID: | Points: | ||
Reviewer: | Sponsor: |
Description
Revision 19068. Crash. No log (latest "[notice] Performing bandwidth self-test...done.")
Core was generated by `/usr/bin/tor --runasdaemon 1'.
Program terminated with signal 11, Segmentation fault.
[New process 8760]
[New process 8775]
#0 0x080b89e3 in rend_service_descriptor_free (desc=0x86c9040) at rendcommon.c:33
33 SMARTLIST_FOREACH(desc->successful_uploads, char *, c, tor_free(c););
(gdb) bt
#0 0x080b89e3 in rend_service_descriptor_free (desc=0x86c9040) at rendcommon.c:33
#1 0x080bef73 in rend_consider_services_upload (now=1237319764) at rendservice.c:545
#2 0x080a9774 in second_elapsed_callback (fd=-1, event=1, args=0x0) at main.c:1086
#3 0xb7f1c3ce in event_base_loop (base=0x81430b0, flags=0) at event.c:387
#4 0xb7f1c5b4 in event_loop (flags=0) at event.c:463
#5 0x080a9db5 in do_main_loop () at main.c:1435
#6 0x080aa04f in tor_main (argc=3, argv=0xbfd7b284) at main.c:2060
#7 0x080e67e6 in main (argc=Cannot access memory at address 0x11
) at tor_main.c:30
(gdb)
[Automatically added by flyspray2trac: Operating System: Other Linux]
Child Tickets
Change History (6)
comment:1 Changed 11 years ago by
comment:2 Changed 11 years ago by
Looks like when we use smartlist_free to free the list of successful uploads on line 1678 of rendservice.c, we
never actually set successful_uploads to NULL. So later, when we go to free the rend_service_descriptor_t, we
go to free the list a second time, and crash.
Fixed in r19073.
comment:4 Changed 11 years ago by
Likely cause of bug apparently fixed; no response from user when asked to confirm. Closing bug. Please reopen
if this bug happens again.
comment:6 Changed 7 years ago by
Component: | Tor Relay → Tor |
---|
r19068. @veronika.xiando.com.
Core was generated by `/usr/bin/tor -f /etc/tor/torrc --pidfile /var/run/tor/tor.pid --log notice file'.
Program terminated with signal 11, Segmentation fault.
#0 0x004780ac in free () from /lib/libc.so.6
(gdb) bt
#0 0x004780ac in free () from /lib/libc.so.6
#1 0x080b8ed1 in rend_service_descriptor_free (desc=0x9a1a0b8) at rendcommon.c:33
#2 0x080bf575 in rend_consider_services_upload (now=1237320261) at rendservice.c:545
#3 0x080a9e59 in second_elapsed_callback (fd=-1, event=1, args=0x0) at main.c:1086
#4 0x0056b100 in event_base_loop () from /usr/lib/libevent-1.3b.so.1
#5 0x0056b2f9 in event_loop () from /usr/lib/libevent-1.3b.so.1
#6 0x080aa3bd in do_main_loop () at main.c:1435
#7 0x080aa5f7 in tor_main (argc=15, argv=0xbf9c71d4) at main.c:2060
#8 0x080e758f in main (argc=Cannot access memory at address 0x1
) at tor_main.c:30
(gdb)
r19068. @lillemy.xiando.com is actually.. still running.