[tor-commits] [tor/maint-0.2.5] In routerlist_assert_ok(), check r2 before taking &(r2->cache_info)

[nickm at torproject.org]

commit 3c2c6a61163cd6a42cc0eeee9fc43200b9f08503
Author: Nick Mathewson <nickm at torproject.org>
Date:   Wed Sep 10 23:46:20 2014 -0400

    In routerlist_assert_ok(), check r2 before taking &(r2->cache_info)
    
    Technically, we're not allowed to take the address of a member can't
    exist relative to the null pointer.  That makes me wonder how any sane
    compliant system implements the offsetof macro, but let's let sleeping
    balrogs lie.
    
    Fixes 13096; patch on 0.1.1.9-alpha; patch from "teor", who was using
    clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error -ftrapv
---
 changes/bug13096    |    4 ++++
 src/or/routerlist.c |    2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/changes/bug13096 b/changes/bug13096
new file mode 100644
index 0000000..521faaf
--- /dev/null
+++ b/changes/bug13096
@@ -0,0 +1,4 @@
+  o Minor bugfixes (conformance):
+    - In routerlist_assert_ok(), don't take the address of a routerinfo's
+      cache_info member unless that routerinfo is non-NULL. Fixes bug
+      13096; bugfix on 0.1.1.9-alpha. Patch by "teor".
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index b5e9245..32cbe19 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -4938,7 +4938,7 @@ routerlist_assert_ok(const routerlist_t *rl)
   } SMARTLIST_FOREACH_END(r);
   SMARTLIST_FOREACH_BEGIN(rl->old_routers, signed_descriptor_t *, sd) {
     r2 = rimap_get(rl->identity_map, sd->identity_digest);
-    tor_assert(sd != &(r2->cache_info));
+    tor_assert(!r2 || sd != &(r2->cache_info));
     sd2 = sdmap_get(rl->desc_digest_map, sd->signed_descriptor_digest);
     tor_assert(sd == sd2);
     tor_assert(sd->routerlist_index == sd_sl_idx);