state: Fix segfault on malformed file

Having no TotalBuildTimes along a positive CircuitBuildAbandonedCount
count lead to a segfault. We check for that condition and then BUG + log
warn if that is the case.

It should never happened in theory but if someone modified their state
file, it can lead to this problem so instead of segfaulting, warn.

Fixes #40437

Signed-off-by: David Goulet <dgoulet@torproject.org>

diff --git a/changes/ticket40437 b/changes/ticket40437
new file mode 100644 (file)
index 0000000..85ba495
--- /dev/null
+++ b/changes/ticket40437
@@ -0,0 +1,4 @@
+  o Minor bugfixes (state file):
+    - Avoid a segfault if the state file doesn't contains TotalBuildTimes along
+      CircuitBuildAbandonedCount being above 0. Fixes bug 40437; bugfix on
+      0.3.5.1-alpha.

diff --git a/src/core/or/circuitstats.c b/src/core/or/circuitstats.c
index c759ddf28168ef2d430ab7725a78dbe816293411..7a6c2014bfd9a017666f8ab13de1fcb072f8c692 100644 (file)
--- a/src/core/or/circuitstats.c
+++ b/src/core/or/circuitstats.c
@@ -1018,6 +1018,18 @@ circuit_build_times_parse_state(circuit_build_times_t *cbt,
     return 0;
   }
 
+  /* We had a case where someone removed their TotalBuildTimes from the state
+   * files while having CircuitBuildAbandonedCount above 0 leading to a
+   * segfault (#40437). Simply bug on it and return an error so at least the
+   * user will learn that they broke the state file. */
+  if (BUG(state->TotalBuildTimes <= 0 &&
+          state->CircuitBuildAbandonedCount > 0)) {
+    log_warn(LD_GENERAL, "CircuitBuildAbandonedCount count is above 0 but "
+                         "no TotalBuildTimes have been found. Unable to "
+                         "parse broken state file");
+    return -1;
+  }
+
   /* build_time_t 0 means uninitialized */
   loaded_times = tor_calloc(state->TotalBuildTimes, sizeof(build_time_t));