View Issue Details

ID: 0003872
Project: GNUnet
Category: cadet service
View Status: public
Last Update: 2018-06-07 00:25
Reporter: Christian Grothoff
Assigned To: Bart Polot
Priority: normal
Severity: major
Reproducibility: have not tried
Status: closed
Resolution: fixed
Platform: i7
OS: Debian GNU/Linux
OS Version: squeeze
Product Version: SVN HEAD
Target Version: 0.11.0pre66
Fixed in Version: 0.11.0pre66
Summary: 0003872: valgrind issue in ax_debug (tunnel.c:4388)
Description:
==946== Use of uninitialised value of size 8
==946== at 0x50A39A5: GNUNET_STRINGS_data_to_string (strings.c:898)
==946== by 0x5072E4D: GNUNET_CRYPTO_hash_to_enc (crypto_hash.c:71)
==946== by 0x50588B4: GNUNET_h2s (common_logging.c:1055)
==946== by 0x4111E6: ax_debug (gnunet-service-cadet_tunnel.c:4388)
==946== by 0x41145F: GCT_debug (gnunet-service-cadet_tunnel.c:4433)
==946== by 0x409670: send_kx (gnunet-service-cadet_tunnel.c:2147)
==946== by 0x410C80: GCT_send_ax_kx (gnunet-service-cadet_tunnel.c:4228)
==946== by 0x4090D1: ax_kx_resend (gnunet-service-cadet_tunnel.c:2042)
==946== by 0x5091D4B: run_ready (scheduler.c:587)
==946== by 0x5092656: GNUNET_SCHEDULER_run (scheduler.c:867)
==946== by 0x50A0E6A: GNUNET_SERVICE_run (service.c:1503)
==946== by 0x43328B: main (gnunet-service-cadet.c:174)
==946==
Steps To Reproduce: Just running a peer with SVN 36026.
Tags: No tags attached.

Activities

Bart Polot

2015-06-30 11:29

manager   ~0009377

Could you confirm that the line (gnunet-service-cadet_tunnel.c:4388) is:

  LOG2 (level, "TTT DHRs\t %s\n",
        GNUNET_h2s ((struct GNUNET_HashCode *) &pub));

pub is a local variable, no heap should be involved...

Christian Grothoff

2015-06-30 11:31

manager   ~0009378

Yes, but 'pub' is a 32-byte public key, and you're CASTING it to a 64-byte hash for no good reason. So you're accessing uninitialized memory on the stack.
This kind of casting must stop.

You should be using GNUNET_i2s.

Bart Polot

2015-06-30 11:35

manager   ~0009380

The reason was that h2s shows more characters than i2s. I'll change that.

Christian Grothoff

2015-06-30 11:37

manager   ~0009382

That's still a terrible reason to cast a 32-byte value to a 64-byte value (or to cast at all). Also, there is GNUNET_i2s_full.
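The over-read described in the notes above, as an added example that is not GNUnet's code and not part of this ticket: struct PublicKey and struct HashCode are stand-ins with the 32-byte and 64-byte sizes stated in the thread, hex_encode stands in for the data_to_string path in the valgrind trace, and the sentinel-filled arena is a constructed input that makes the extra 32 bytes visible deterministically (on the real stack those bytes were simply uninitialised, which is what valgrind flagged). The fix variant encodes the object with its own sizeof instead of casting to a larger type.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for the two GNUnet types the ticket talks about (assumed sizes,
 * taken from the discussion): a 32-byte public key and a 64-byte hash. */
struct PublicKey { uint8_t q[32]; };
struct HashCode  { uint8_t bits[64]; };

/* Hex-encode exactly `len` bytes of `data` into `out`; `out` must hold
 * 2*len+1 bytes. Returns the number of characters written (excluding NUL). */
static size_t hex_encode(const void *data, size_t len, char *out)
{
    static const char digits[] = "0123456789abcdef";
    const uint8_t *p = data;
    for (size_t i = 0; i < len; i++) {
        out[2 * i]     = digits[p[i] >> 4];
        out[2 * i + 1] = digits[p[i] & 0x0f];
    }
    out[2 * len] = '\0';
    return 2 * len;
}

/* The pattern valgrind reported: a pointer to a 32-byte key is cast to a
 * 64-byte hash, so the encoder reads 32 bytes that belong to whatever
 * happens to sit after the key in memory. `arena` is a constructed 64-byte
 * buffer whose first 32 bytes are the key and whose remainder is a sentinel,
 * so the over-read stays inside a valid object and its effect is visible. */
static size_t buggy_key_to_string(const uint8_t arena[64], char *out)
{
    const struct PublicKey *pub = (const struct PublicKey *) arena;
    const struct HashCode *h = (const struct HashCode *) pub;   /* the cast */
    return hex_encode(h, sizeof(*h), out);   /* 64 bytes read from a 32-byte object */
}

/* Fix: encode the object with its own size. sizeof(*(objp)) is taken from
 * the pointed-to type, so a PublicKey never yields more than 32 bytes. */
#define TO_STRING(objp, out) hex_encode((objp), sizeof(*(objp)), (out))

static size_t key_to_string(const struct PublicKey *pub, char *out)
{
    return TO_STRING(pub, out);
}

/* Constructed input: key bytes 0x00..0x1f, the remaining 32 bytes set to
 * `sentinel` to stand in for uninitialised stack contents. */
static void make_arena(uint8_t arena[64], uint8_t sentinel)
{
    memset(arena, sentinel, 64);
    for (size_t i = 0; i < sizeof(struct PublicKey); i++)
        arena[i] = (uint8_t) i;
}

/* Self-check: does the buggy variant emit 128 hex characters whose second
 * half is the sentinel rather than key material? Returns 1 if so. */
static int buggy_output_contains_sentinel(void)
{
    uint8_t arena[64];
    char buf[129];
    make_arena(arena, 0xee);
    size_t n = buggy_key_to_string(arena, buf);
    return n == 128 && strncmp(buf + 64, "eeeeeeee", 8) == 0;
}

/* Self-check: the fixed variant emits exactly 64 hex characters for a key. */
static size_t fixed_output_length(void)
{
    uint8_t arena[64];
    char buf[129];
    make_arena(arena, 0xee);
    return key_to_string((const struct PublicKey *) arena, buf);
}

int main(void)
{
    uint8_t arena[64];
    char buf[129];
    make_arena(arena, 0xee);
    buggy_key_to_string(arena, buf);
    printf("cast to 64-byte hash:   %s\n", buf);   /* second half is sentinel, not key */
    key_to_string((const struct PublicKey *) arena, buf);
    printf("encoded as 32-byte key: %s\n", buf);
    return 0;
}
```

Running the block prints the two encodings side by side: the cast version ends in 32 bytes of 0xee that were never part of the key, which on a real stack would be leftover (and possibly sensitive) data; the sizeof-based version stops at the key's true length. Valgrind only catches the real case when the trailing bytes are uninitialised; a sizeof-driven helper removes the cast rather than relying on that detection.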

Christian Grothoff

2015-07-15 07:36

manager   ~0009441

Still no fix for this one?

Bart Polot

2015-07-15 13:06

manager   ~0009445

It's fixed, upload pending when I have access to my laptop!

Bart Polot

2015-07-15 14:08

manager   ~0009447

Should be fixed after the last commits.

Issue History

Date Modified Username Field Change
2015-06-30 09:38 Christian Grothoff New Issue
2015-06-30 09:38 Christian Grothoff Status new => assigned
2015-06-30 09:38 Christian Grothoff Assigned To => Bart Polot
2015-06-30 11:29 Bart Polot Note Added: 0009377
2015-06-30 11:31 Christian Grothoff Note Added: 0009378
2015-06-30 11:35 Bart Polot Note Added: 0009380
2015-06-30 11:37 Christian Grothoff Note Added: 0009382
2015-07-15 07:36 Christian Grothoff Note Added: 0009441
2015-07-15 13:06 Bart Polot Note Added: 0009445
2015-07-15 14:08 Bart Polot Note Added: 0009447
2015-07-15 14:08 Bart Polot Status assigned => resolved
2015-07-15 14:08 Bart Polot Fixed in Version => SVN HEAD
2015-07-15 14:08 Bart Polot Resolution open => fixed
2015-08-03 15:18 Christian Grothoff Fixed in Version SVN HEAD => 0.11.0pre66
2018-06-07 00:25 Christian Grothoff Status resolved => closed