Null pointer deref in connection_ap_attach_pending()
View options
My tor client is running on version 0.2.8.0-alpha-dev (git-ee5337e90497e31c) and I got a crash with a coredump this morning. It happened when one of my hidden service was rebooted and then the torsocks client did try to reconnect.
Last notice log:
Dec 04 11:39:16.000 [notice] Closing stream for 'SCRUBBED ONION': hidden service is unavailable (try again later).Here is the gdb backtrace of the coredump:
[snip]
#3 <signal handler called>
No locals.
#4 connection_ap_attach_pending (retry=retry@entry=1) at src/or/connection_edge.c:801
conn = 0x0
entry_conn_sl_idx = 3
entry_conn_sl_len = 4
entry_conn = 0x0
__FUNCTION__ = "connection_ap_attach_pending"
__func__ = "connection_ap_attach_pending"
#5 0x0000561584871bf4 in connection_ap_rescan_and_attach_pending () at src/or/connection_edge.c:779
entry_conn = 0x561586bcc260
conns = <optimized out>
__FUNCTION__ = "connection_ap_rescan_and_attach_pending"
#6 0x0000561584851da8 in circuit_build_needed_circs (now=now@entry=1449247161) at src/or/circuituse.c:1126
options = 0x561586bcc260
#7 0x00005615847c8288 in run_scheduled_events (now=1449247161) at src/or/main.c:1491
options = 0x561586bcc260
have_dir_info = <optimized out>
i = <optimized out>
[snip]Apparently conn is NULL at that point thus this line exploded insrc/or/connection_edge.c
connection_t *conn = ENTRY_TO_CONN(entry_conn);
if (conn->marked_for_close) {
Link items together to show that they're related.