In routerlist_assert_ok(), check r2 before taking &(r2->cache_info)

Technically, we're not allowed to take the address of a member can't
exist relative to the null pointer.  That makes me wonder how any sane
compliant system implements the offsetof macro, but let's let sleeping
balrogs lie.

Fixes 13096; patch on 0.1.1.9-alpha; patch from "teor", who was using
clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error -ftrapv

diff --git a/changes/bug13096 b/changes/bug13096
new file mode 100644 (file)
index 0000000..521faaf
--- /dev/null
+++ b/changes/bug13096
@@ -0,0 +1,4 @@
+  o Minor bugfixes (conformance):
+    - In routerlist_assert_ok(), don't take the address of a routerinfo's
+      cache_info member unless that routerinfo is non-NULL. Fixes bug
+      13096; bugfix on 0.1.1.9-alpha. Patch by "teor".

diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index b5e924522e8a5a309a3d9dc25f953215f6caa964..32cbe19379c3889a2b8c1abe3ace7646254d388b 100644 (file)
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -4938,7 +4938,7 @@ routerlist_assert_ok(const routerlist_t *rl)
   } SMARTLIST_FOREACH_END(r);
   SMARTLIST_FOREACH_BEGIN(rl->old_routers, signed_descriptor_t *, sd) {
     r2 = rimap_get(rl->identity_map, sd->identity_digest);
-    tor_assert(sd != &(r2->cache_info));
+    tor_assert(!r2 || sd != &(r2->cache_info));
     sd2 = sdmap_get(rl->desc_digest_map, sd->signed_descriptor_digest);
     tor_assert(sd == sd2);
     tor_assert(sd->routerlist_index == sd_sl_idx);