#24733: Loading ifc.ifc_buf using the new tor_free() causes undefined behaviour on x86_64 macOS
-------------------------+-------------------------------------------------
     Reporter:  teor     |      Owner:  teor
         Type:  defect   |     Status:  assigned
     Priority:  Medium   |  Milestone:  Tor: 0.3.3.x-final
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal   |   Keywords:  address-sanitizer, unexpected-consequences
Actual Points:           |  Parent ID:
       Points:  0.1      |   Reviewer:
      Sponsor:  Sponsor8-can  |
-------------------------+-------------------------------------------------
 On macOS x86_64, the new tor_free() from #24337 loads ifc.ifc_buf, which
 leads to undefined behaviour. ifc.ifc_buf is a `char *` which should be
 aligned to a multiple of 8 bytes, but it is always aligned at 8 bytes (ifc on
 the stack) plus 4 bytes (ifc_len and pragma pack(4)).

 This bug was caused by #24337, which has been merged to master (0.3.3.0
 -alpha-dev), and Apple's 32/64 bit kernel data structure compatibility
 code.

 It was discovered using our unit tests and clang's address sanitizer.
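The misalignment described above, as an added example that is not part of the ticket or of Tor's code: a constructed `pragma pack(4)` struct standing in for the macOS `struct ifconf` layout, the hazard pattern of a free-and-NULL macro that loads the pointer through the member's address (which clang's `-fsanitize=undefined` alignment check reports when invoked on such a member), and two ways of freeing the member that do not perform a misaligned pointer load. All struct, macro and function names are assumptions.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the macOS <net/if.h> layout the ticket describes:
 * a 4-byte ifc_len followed by a union holding a char *, under pragma pack(4).
 * Not the real header; just enough to reproduce the 4-byte offset. */
#pragma pack(push, 4)
struct packed_ifconf {
  int ifc_len;
  union { char *ifcu_buf; } ifc_ifcu;
};
#pragma pack(pop)
#define ifc_buf ifc_ifcu.ifcu_buf

/* Offset of the pointer member inside the packed struct (4 under pack(4)). */
static size_t ifc_buf_offset(void) { return offsetof(struct packed_ifconf, ifc_ifcu); }

/* Nonzero when that offset is not a multiple of the natural alignment of a
 * char *, i.e. on targets with 8-byte pointers such as x86_64. */
static int ifc_buf_is_misaligned(void) {
  return (ifc_buf_offset() % _Alignof(char *)) != 0;
}

/* Hazard pattern (defined, never invoked here): take the argument's address
 * and load the pointer through it. With ifc.ifc_buf as the argument, tmp__ is
 * a char ** to a 4-byte-aligned object, so *tmp__ is a misaligned 8-byte load:
 * undefined behaviour, even though x86_64 hardware tolerates it silently. */
#define FREE_AND_NULL_THROUGH_ADDRESS(p) do {   \
    __typeof__(&(p)) tmp__ = &(p);              \
    free(*tmp__);                               \
    *tmp__ = NULL;                              \
  } while (0)

/* Safe form 1: plain member access. The compiler sees the packed declaration
 * and emits alignment-tolerant code for the load and store. */
static void free_ifc_buf_direct(struct packed_ifconf *ifc) {
  free(ifc->ifc_buf);
  ifc->ifc_buf = NULL;
}

/* Safe form 2: move the pointer through a naturally aligned local with memcpy,
 * which carries no alignment requirement. Returns 1 if the member reads back
 * as NULL afterwards, the guarantee a free-and-NULL is meant to provide. */
static int free_ifc_buf_memcpy(struct packed_ifconf *ifc) {
  char *local = NULL, *check = (char *)1;
  unsigned char *member = (unsigned char *)ifc + ifc_buf_offset();
  memcpy(&local, member, sizeof local);   /* load without a char ** deref */
  free(local);
  local = NULL;
  memcpy(member, &local, sizeof local);   /* store NULL the same way */
  memcpy(&check, member, sizeof check);
  return check == NULL;
}
```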

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24733>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online