[tor-bugs] #26269 [Core Tor/Tor]: new compiler warning src/or/router.c:2034:36: warning: potential null pointer dereference

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jun 3 07:13:06 UTC 2018


#26269: new compiler warning src/or/router.c:2034:36: warning: potential null
pointer dereference
--------------------------+------------------------------------
 Reporter:  toralf        |          Owner:  (none)
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor  |        Version:  Tor: 0.3.4.1-alpha
 Severity:  Normal        |     Resolution:
 Keywords:  034-must      |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by sysrqb):

 Replying to [ticket:26269 toralf]:
 > {{{
 > CC       src/or/rephist.o
 >   CC       src/or/router.o
 > src/or/router.c: In function ‘router_my_exit_policy_is_reject_star’:
 > src/or/router.c:2034:36: warning: potential null pointer dereference
 [-Wnull-dereference]
 >    return router_get_my_routerinfo()->policy_is_reject_star;
 >           ~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~
 > src/or/router.c:2034:36: warning: potential null pointer dereference
 [-Wnull-dereference]
 > src/or/router.c:2034:36: warning: potential null pointer dereference
 [-Wnull-dereference]
 > src/or/router.c: In function ‘check_descriptor_bandwidth_changed’:
 > src/or/router.c:2636:36: warning: potential null pointer dereference
 [-Wnull-dereference]
 >    prev = router_get_my_routerinfo()->bandwidthcapacity;
 >           ~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~
 > src/or/router.c:2636:36: warning: potential null pointer dereference
 [-Wnull-dereference]
 > src/or/router.c:2636:36: warning: potential null pointer dereference
 [-Wnull-dereference]
 > src/or/router.c: In function ‘check_descriptor_ipaddress_changed’:
 > src/or/router.c:2696:8: warning: potential null pointer dereference
 [-Wnull-dereference]
 >    prev = router_get_my_routerinfo()->addr;
 >    ~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 > src/or/router.c:2696:8: warning: potential null pointer dereference
 [-Wnull-dereference]
 > src/or/router.c:2696:8: warning: potential null pointer dereference
 [-Wnull-dereference]

 These are actually (most likely) okay because there are null-checks
 preceding each dereference.

 >   CC       src/or/routerlist.o
 >   CC       src/or/dirauth/shared_random.o
 > }}}
 > and
 > {{{
 >   CC       src/test/src_test_test-test_dos.o
 >   CC       src/test/src_test_test-test_entrynodes.o
 > src/test/test_entrynodes.c: In function
 ‘test_entry_guard_update_from_consensus_repair’:
 > src/test/test_entrynodes.c:1254:26: warning: potential null pointer
 dereference [-Wnull-dereference]
 >      n->is_possible_guard = 0;
 >      ~~~~~~~~~~~~~~~~~~~~~^~~

 Each of these should be an easy fix, other locations in this test module
 call `tt_assert` before using the returned ref from
 `bfn_mock_node_get_by_id`.


 > }}}
 > at a stable Gentoo hardened Linux with app-forensics/afl 2.52b and gcc
 (Gentoo Hardened 6.4.0-r1 p1.3) 6.4.0
 >

 This is only triggered at higher optimization level on amd64, as far as i
 can tell. Specifically, I trigger it with -O3 (but not -O1 or -O2):
 `./configure --enable-fatal-warnings --disable-asciidoc  CFLAGS="-O3"`

 I'm not sure exactly which optimization(s) cause these warnings. The gcc
 man page for -Wnull-dereference says "This option is only active when
 -fdelete-null-pointer-checks is active", but there are additional
 optimizations required for triggering this - I'm just not sure which ones.

 With regard to the `router.c` warnings above, I'm concerned the preceding
 null checks are being optimized away at -O3, but I haven't confirmed this.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26269#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list