[tor-bugs] #32718 [Core Tor/Tor]: Crash: Consensus diff src/lib/memarea/memarea.c:147: memarea_chunk_free_unchecked
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Feb 19 15:30:19 UTC 2020
#32718: Crash: Consensus diff src/lib/memarea/memarea.c:147: memarea_chunk_free_unchecked
----------------------------------------------------------+--------------------------------
Reporter: teor                                            | Owner: nickm
Type: defect                                              | Status: accepted
Priority: High                                            | Milestone: Tor: 0.4.3.x-final
Component: Core Tor/Tor                                   | Version: Tor: 0.4.1.6
Severity: Normal                                          | Resolution:
Keywords: crash, tor-dir, 043-must, openbsd, BugSmashFund | Actual Points:
Parent ID:                                                | Points: 1
Reviewer:                                                 | Sponsor:
----------------------------------------------------------+--------------------------------
Comment (by nickm):
So here are a couple of issues that might be confusing this: First, our
fuzzing code is not usually built with memarea.c turned on, since arena
allocators can sometimes suppress memory bugs. Second, our fuzzing code
doesn't consider it an error if we can't generate a working diff, since
that can be caused by bad inputs as well as bad code. More investigation
is needed, though.
I still suspect data corruption somewhere along the line, but for now I'm
going to try fuzzing with memareas turned on, and seeing what that does.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32718#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
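
The first point in the comment above, that an arena allocator can hide a memory bug from the checks a fuzzing build relies on, illustrated with a toy bump arena. This is an added example, not code from the ticket or from Tor's memarea.c; `toy_arena_t`, the 64-byte chunk size and the guard value are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CHUNK_SIZE 64
static const uint32_t SENTINEL = 0xA5A5A5A5u; /* constructed guard value */

/* Toy bump arena (hypothetical, not Tor's memarea.c): one flat buffer holds
 * every sub-allocation, followed by a 4-byte guard word. */
typedef struct {
  size_t used;
  unsigned char buf[CHUNK_SIZE + sizeof(uint32_t)];
} toy_arena_t;
static void toy_arena_init(toy_arena_t *a) {
  a->used = 0;
  memset(a->buf, 0, CHUNK_SIZE);
  memcpy(a->buf + CHUNK_SIZE, &SENTINEL, sizeof(SENTINEL));
}
/* Bump allocation: no per-object header and no redzone between objects. */
static unsigned char *toy_arena_alloc(toy_arena_t *a, size_t n) {
  if (n > CHUNK_SIZE - a->used) return NULL;
  a->used += n;
  return a->buf + a->used - n;
}
static int toy_arena_sentinel_ok(const toy_arena_t *a) {
  return memcmp(a->buf + CHUNK_SIZE, &SENTINEL, sizeof(SENTINEL)) == 0;
}
/* Bug 1: 12 bytes written into an 8-byte object. The write stays inside the
 * arena's buffer: neighbour corrupted, guard word untouched. Returns 1 then. */
int overflow_inside_chunk(void) {
  toy_arena_t a; toy_arena_init(&a);
  unsigned char *first = toy_arena_alloc(&a, 8);
  unsigned char *second = toy_arena_alloc(&a, 8);
  memset(second, 'B', 8);
  memset(first, 'A', 12);  /* overruns 4 bytes into `second` */
  return second[0] == 'A' && second[4] == 'B' && toy_arena_sentinel_ok(&a);
}
/* Bug 2: the last object is overrun past the usable area, so the guard word
 * changes. Returns 1 when the sentinel check catches it. */
int overflow_past_chunk(void) {
  toy_arena_t a; toy_arena_init(&a);
  (void)toy_arena_alloc(&a, 60);
  unsigned char *last = toy_arena_alloc(&a, 4);
  memset(last, 'X', 8);    /* 4 of the 8 bytes land on the guard word */
  return !toy_arena_sentinel_ok(&a);
}
int main(void) {
  printf("inside chunk, undetected: %d\n", overflow_inside_chunk());
  printf("past chunk, sentinel tripped: %d\n", overflow_past_chunk());
  return 0;
}
```

With one heap allocation per object, the first overrun would cross an allocation boundary that a memory checker can see; inside the arena both objects share one buffer, so only the overrun that reaches the guard word is noticed, and only when the guard is checked.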