From 4db610d6d96f711d3bd1e8f2a0080d83f1f5fcd0 Mon Sep 17 00:00:00 2001
From: David Goulet
Date: Tue, 10 Jan 2023 09:24:09 -0500
Subject: [PATCH] state: Fix segfault on malformed file

Having no TotalBuildTimes along a positive CircuitBuildAbandonedCount count lead to a segfault. We check for that condition and then BUG + log warn if that is the case. It should never happened in theory but if someone modified their state file, it can lead to this problem so instead of segfaulting, warn.
Fixes #40437
Signed-off-by: David Goulet
---
 changes/ticket40437 | 4 ++++
 src/core/or/circuitstats.c | 12 ++++++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 changes/ticket40437
diff --git a/changes/ticket40437 b/changes/ticket40437
new file mode 100644
index 0000000000..85ba49583c
--- /dev/null
+++ b/changes/ticket40437
@@ -0,0 +1,4 @@
+ o Minor bugfixes (state file):
+ - Avoid a segfault if the state file doesn't contains TotalBuildTimes along
+ CircuitBuildAbandonedCount being above 0. Fixes bug 40437; bugfix on
+ 0.3.5.1-alpha.
diff --git a/src/core/or/circuitstats.c b/src/core/or/circuitstats.c
index c759ddf281..7a6c2014bf 100644
--- a/src/core/or/circuitstats.c
+++ b/src/core/or/circuitstats.c
@@ -1018,6 +1018,18 @@ circuit_build_times_parse_state(circuit_build_times_t *cbt,
 return 0;
 }
+ /* We had a case where someone removed their TotalBuildTimes from the state
+ * files while having CircuitBuildAbandonedCount above 0 leading to a
+ * segfault (#40437). Simply bug on it and return an error so at least the
+ * user will learn that they broke the state file. */
+ if (BUG(state->TotalBuildTimes <= 0 &&
+ state->CircuitBuildAbandonedCount > 0)) {
+ log_warn(LD_GENERAL, "CircuitBuildAbandonedCount count is above 0 but "
+ "no TotalBuildTimes have been found. Unable to "
+ "parse broken state file");
+ return -1;
+ }
+
 /* build_time_t 0 means uninitialized */
 loaded_times = tor_calloc(state->TotalBuildTimes, sizeof(build_time_t));
--
2.47.2
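Review bot: Wrapping the new state-file consistency check in BUG() reports a malformed on-disk file as an internal invariant violation, even though the commit message itself says the condition is reachable by a user editing their state file; a plain `if (state->TotalBuildTimes <= 0 && state->CircuitBuildAbandonedCount > 0) {` keeps the existing log_warn() and `return -1;` without emitting a non-fatal assertion report for input that is not a code defect. The message text also repeats the word "count"; `"CircuitBuildAbandonedCount is above 0 but "` reads correctly. The guard returns before the tor_calloc() on the following context line, so nothing allocated in this hunk is leaked, but circuit_build_times_parse_state begins before the hunk, so any earlier resource acquisition is not visible here.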