[tor-commits] [tor/master] Stop invoking undefined behaviour by using tor_free() on an unaligned pointer
nickm at torproject.org
Wed Jan 10 18:00:27 UTC 2018
commit 54899b404cbde5a24984e4865eed112f303398f6
Author: teor <teor2345 at gmail.com>
Date: Sun Dec 24 22:36:52 2017 +1100
Stop invoking undefined behaviour by using tor_free() on an unaligned pointer
... in get_interface_addresses_ioctl().
This pointer alignment issue exists on x86_64 macOS, but is unlikely to exist
elsewhere. (i386 macOS only requires 4-byte alignment, and other OSs have
8-byte ints.)
Fixes bug 24733; not in any released version of tor.
---
changes/bug24733 | 6 ++++++
src/common/address.c | 6 +++++-
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/changes/bug24733 b/changes/bug24733
new file mode 100644
index 000000000..e333e4fa5
--- /dev/null
+++ b/changes/bug24733
@@ -0,0 +1,6 @@
+ o Minor bugfixes (code correctness):
+ - Stop invoking undefined behaviour by using tor_free() on an unaligned
+ pointer in get_interface_addresses_ioctl(). This pointer alignment issue
+ exists on x86_64 macOS, but is unlikely to exist elsewhere.
+ Fixes bug 24733; bugfix on 0.3.0.0-alpha-dev;
+ not in any released version of tor.
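Review bot: The last two added lines give both "bugfix on 0.3.0.0-alpha-dev" and "not in any released version of tor", while the commit message carries only the second statement. From the entry alone a reader cannot tell whether any shipped build contains the unaligned tor_free() call. Suggest making the commit message and the changes entry agree, and naming the change that introduced the call if it postdates the version given.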
diff --git a/src/common/address.c b/src/common/address.c
index 0c0ba782a..ea14e6392 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -1601,7 +1601,11 @@ get_interface_addresses_ioctl(int severity, sa_family_t family)
done:
if (fd >= 0)
close(fd);
- tor_free(ifc.ifc_buf);
+ /* On macOS, tor_free() loads ifc.ifc_buf, which leads to undefined
+ * behaviour, because it is always aligned at 8-bytes (ifc) plus 4 bytes
+ * (ifc_len and pragma pack(4)). So we use raw_free() instead. */
+ raw_free(ifc.ifc_buf);
+ ifc.ifc_buf = NULL;
return result;
}
#endif /* defined(HAVE_IFCONF_TO_SMARTLIST) */
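Review bot: In the added comment above raw_free(ifc.ifc_buf), "it" in "because it is always aligned at 8-bytes (ifc) plus 4 bytes" has no clear referent, and the comment does not say which object is misaligned. As written it can be read as describing the heap buffer rather than the ifc_buf member inside the packed struct. Suggest naming the member explicitly, for example "the ifc_buf field sits at an 8-byte-aligned address plus 4 bytes", and stating that tor_free() is avoided because of how it accesses that field, so a later cleanup does not swap raw_free() back. The explicit "ifc.ifc_buf = NULL;" directly before "return result;" deserves a word in the same comment saying it replaces the NULL assignment that tor_free() would otherwise have done, otherwise it looks like a dead store.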