Loading changes/bug24733 0 → 100644 +6 −0 Original line number Diff line number Diff line o Minor bugfixes (code correctness): - Stop invoking undefined behaviour by using tor_free() on an unaligned pointer in get_interface_addresses_ioctl(). This pointer alignment issue exists on x86_64 macOS, but is unlikely to exist elsewhere. Fixes bug 24733; bugfix on 0.3.0.0-alpha-dev; not in any released version of tor. src/common/address.c +13 −1 Original line number Diff line number Diff line Loading @@ -1515,6 +1515,18 @@ get_interface_addresses_win32(int severity, sa_family_t family) #define _SIZEOF_ADDR_IFREQ sizeof #endif /* Free ifc->ifc_buf safely. */ static void ifconf_free_ifc_buf(struct ifconf *ifc) { /* On macOS, tor_free() takes the address of ifc.ifc_buf, which leads to * undefined behaviour, because pointer-to-pointers are expected to be * aligned at 8-bytes, but the ifconf structure is packed. So we use * raw_free() instead. */ raw_free(ifc->ifc_buf); ifc->ifc_buf = NULL; } /** Convert <b>*buf</b>, an ifreq structure array of size <b>buflen</b>, * into smartlist of <b>tor_addr_t</b> structures. */ Loading Loading @@ -1601,7 +1613,7 @@ get_interface_addresses_ioctl(int severity, sa_family_t family) done: if (fd >= 0) close(fd); tor_free(ifc.ifc_buf); ifconf_free_ifc_buf(&ifc); return result; } #endif /* defined(HAVE_IFCONF_TO_SMARTLIST) */ Loading src/common/util.h +5 −0 Original line number Diff line number Diff line Loading @@ -79,6 +79,11 @@ extern int dmalloc_free(const char *file, const int line, void *pnt, * * This is a macro. If you need a function pointer to release memory from * tor_malloc(), use tor_free_(). * * Note that this macro takes the address of the pointer it is going to * free and clear. If that pointer is stored with a nonstandard * alignment (eg because of a "packed" pragma) it is not correct to use * tor_free(). */ #ifdef __GNUC__ #define tor_free(p) STMT_BEGIN \ Loading Loading
changes/bug24733 0 → 100644 +6 −0 Original line number Diff line number Diff line o Minor bugfixes (code correctness): - Stop invoking undefined behaviour by using tor_free() on an unaligned pointer in get_interface_addresses_ioctl(). This pointer alignment issue exists on x86_64 macOS, but is unlikely to exist elsewhere. Fixes bug 24733; bugfix on 0.3.0.0-alpha-dev; not in any released version of tor.
src/common/address.c +13 −1 Original line number Diff line number Diff line Loading @@ -1515,6 +1515,18 @@ get_interface_addresses_win32(int severity, sa_family_t family) #define _SIZEOF_ADDR_IFREQ sizeof #endif /* Free ifc->ifc_buf safely. */ static void ifconf_free_ifc_buf(struct ifconf *ifc) { /* On macOS, tor_free() takes the address of ifc.ifc_buf, which leads to * undefined behaviour, because pointer-to-pointers are expected to be * aligned at 8-bytes, but the ifconf structure is packed. So we use * raw_free() instead. */ raw_free(ifc->ifc_buf); ifc->ifc_buf = NULL; } /** Convert <b>*buf</b>, an ifreq structure array of size <b>buflen</b>, * into smartlist of <b>tor_addr_t</b> structures. */ Loading Loading @@ -1601,7 +1613,7 @@ get_interface_addresses_ioctl(int severity, sa_family_t family) done: if (fd >= 0) close(fd); tor_free(ifc.ifc_buf); ifconf_free_ifc_buf(&ifc); return result; } #endif /* defined(HAVE_IFCONF_TO_SMARTLIST) */ Loading
src/common/util.h +5 −0 Original line number Diff line number Diff line Loading @@ -79,6 +79,11 @@ extern int dmalloc_free(const char *file, const int line, void *pnt, * * This is a macro. If you need a function pointer to release memory from * tor_malloc(), use tor_free_(). * * Note that this macro takes the address of the pointer it is going to * free and clear. If that pointer is stored with a nonstandard * alignment (eg because of a "packed" pragma) it is not correct to use * tor_free(). */ #ifdef __GNUC__ #define tor_free(p) STMT_BEGIN \ Loading
