[patch] routerlist: NULL struct pointer dereferenced to take address of element
In routerlist.c line 4953, a struct pointer that is sometimes NULL is dereferenced by an assertion. The assertion takes the address of one of the struct's elements: tor_assert(sd != &(r2->cache_info));
This is undefined behaviour in C, and could lead to the optimiser ignoring the check, or the program crashing.
To avoid dereferencing the potentially-NULL pointer, the assertion can be modified to check for NULL r2 first (if this is what is intended): tor_assert(!r2 || sd != &(r2->cache_info));
The attached patch makes this change.
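The two forms of the check side by side, as an added example that is not tor's code and not part of the attached patch. The struct definitions are hypothetical stand-ins for signed_descriptor_t and routerinfo_t (only the cache_info member is modelled, and it is assumed to be the first member); the function and scenario names are invented for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for tor's signed_descriptor_t and routerinfo_t
 * (added example; not tor's definitions). Only the member touched by the
 * assertion is modelled, and cache_info is assumed to be the first member. */
typedef struct signed_descriptor_t {
  int placeholder;
} signed_descriptor_t;

typedef struct routerinfo_t {
  signed_descriptor_t cache_info;
  int other_field;
} routerinfo_t;

/* The condition as it stood: forming &(r2->cache_info) is undefined
 * behaviour when r2 == NULL, even though no byte is read. A compiler is
 * then free to assume r2 != NULL for the rest of the function, and
 * -fsanitize=undefined traps here. Never call this with r2 == NULL. */
static int sd_is_not_cache_info_unguarded(const signed_descriptor_t *sd,
                                          const routerinfo_t *r2)
{
  return sd != &(r2->cache_info);
}

/* The patched condition: !r2 short-circuits, so the address is only
 * formed when r2 is a valid pointer. */
static int sd_is_not_cache_info_guarded(const signed_descriptor_t *sd,
                                        const routerinfo_t *r2)
{
  return !r2 || sd != &(r2->cache_info);
}

/* Scenarios a test can assert on (1 = the assertion would pass). */

/* r2 is NULL: the guarded form passes without touching r2 at all. */
int scenario_null_r2(void)
{
  signed_descriptor_t sd = {0};
  return sd_is_not_cache_info_guarded(&sd, NULL);
}

/* sd really is r2's own cache_info: both forms report the alias (0). */
int scenario_sd_aliases_r2(void)
{
  routerinfo_t r2 = {{0}, 0};
  int g = sd_is_not_cache_info_guarded(&r2.cache_info, &r2);
  int u = sd_is_not_cache_info_unguarded(&r2.cache_info, &r2);
  return g == 0 && u == 0;
}

/* sd belongs to a different router: both forms pass (1). */
int scenario_sd_distinct(void)
{
  routerinfo_t r2 = {{0}, 0};
  routerinfo_t other = {{0}, 0};
  int g = sd_is_not_cache_info_guarded(&other.cache_info, &r2);
  int u = sd_is_not_cache_info_unguarded(&other.cache_info, &r2);
  return g == 1 && u == 1;
}

int main(void)
{
  printf("null r2:      %d\n", scenario_null_r2());
  printf("sd aliases:   %d\n", scenario_sd_aliases_r2());
  printf("sd distinct:  %d\n", scenario_sd_distinct());
  return 0;
}
```

Without a sanitizer the unguarded form is usually silent: if cache_info is the first member, &(NULL->cache_info) evaluates to address 0 on common compilers, so the comparison "passes" and nothing visibly breaks, which is why the flags listed below are what surfaced it. The real hazard is the licence the undefined behaviour gives the optimiser to delete any later NULL check on r2 in the same function.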
FYI - this error was discovered using a tor built with: clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error -ftrapv
Version: tor 0.2.6.?-alpha git 54348201f7cce9c0c01e9d4835714a2fec55c67c