View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0008797 | GNUnet | peerstore | public | 2024-05-04 22:56 | 2024-06-08 12:03 |
| Reporter | ulfvonbelow | Assigned To | schanzen | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Platform | x86-64 | OS | Guix System | OS Version | a1d711c92e |
| Product Version | Git master | ||||
| Fixed in Version | 0.21.2 | ||||
| Summary | 0008797: Access of member of null pointer struct (segmentation fault) in gnunet-service-peerstore | ||||
| Description | This showed up in my peerstore logs: gnunet-service-peerstore.c:807:35: runtime error: member access within null pointer of type 'struct Monitor' AddressSanitizer:DEADLYSIGNAL ================================================================= ==14663==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x559acd130d75 bp 0x7ffee9e45e80 sp 0x7ffee9e45e10 T0) ==14663==The signal is caused by a READ memory access. ==14663==Hint: address points to the zero page. #0 0x559acd130d75 in monitor_iteration_next /tmp/guix-build-gnunet-0.21.1.drv-0/source/src/service/peerstore/gnunet-service-peerstore.c:807 #1 0x7f84122c86c3 in GNUNET_SCHEDULER_do_work /tmp/guix-build-gnunet-0.21.1.drv-0/source/src/lib/util/scheduler.c:2143 #2 0x7f84122cb969 in select_loop /tmp/guix-build-gnunet-0.21.1.drv-0/source/src/lib/util/scheduler.c:2442 #3 0x7f84122cb969 in GNUNET_SCHEDULER_run /tmp/guix-build-gnunet-0.21.1.drv-0/source/src/lib/util/scheduler.c:743 #4 0x7f84122dd518 in GNUNET_SERVICE_run_ /tmp/guix-build-gnunet-0.21.1.drv-0/source/src/lib/util/service.c:2107 #5 0x559acd12cc9b in main /tmp/guix-build-gnunet-0.21.1.drv-0/source/src/service/peerstore/gnunet-service-peerstore.c:1257 #6 0x7f8410e291f6 in __libc_start_call_main (/gnu/store/ifr3w929iq2lqgd5pxi4p88sk30n75av-glibc-2.35/lib/libc.so.6+0x291f6) #7 0x7f8410e292ab in __libc_start_main_alias_1 (/gnu/store/ifr3w929iq2lqgd5pxi4p88sk30n75av-glibc-2.35/lib/libc.so.6+0x292ab) #8 0x559acd12cec0 in _start (/gnu/store/5k8kr8zl4ngiqp66d3q41adw5m8q9p1f-gnunet-0.21.1/lib/gnunet/libexec/gnunet-service-peerstore+0x14ec0) AddressSanitizer can not provide additional info. | ||||
| Steps To Reproduce | Not completely sure, I assume this is a second-order effect caused by other conditions specific to my situation that is causing the code in question to be reached, but once it is reached, it is plainly a guaranteed segmentation fault: if (GNUNET_SYSERR == ret) { GNUNET_free (mc->key); GNUNET_free (mc->sub_system); GNUNET_free (mc); GNUNET_SERVICE_client_drop (mc->pc->client); /* we literally just freed mc */ return; } | ||||
| Additional Information | Patch attached. | ||||
| Tags | No tags attached. | ||||
| Attached Files | 0001-peerstore-fix-dereference-of-null-pointer-to-struct.patch (860 bytes)
From 7efc58bb02866e84529d6c34cf66e18e426b55f0 Mon Sep 17 00:00:00 2001
From: ulfvonbelow <striness@tilde.club>
Date: Sat, 4 May 2024 15:34:44 -0500
Subject: [PATCH] peerstore: fix dereference of null pointer to struct.
---
src/service/peerstore/gnunet-service-peerstore.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/service/peerstore/gnunet-service-peerstore.c b/src/service/peerstore/gnunet-service-peerstore.c
index 214f9f9ba..5d0f037a1 100644
--- a/src/service/peerstore/gnunet-service-peerstore.c
+++ b/src/service/peerstore/gnunet-service-peerstore.c
@@ -803,8 +803,8 @@ monitor_iteration_next (void *cls)
{
GNUNET_free (mc->key);
GNUNET_free (mc->sub_system);
- GNUNET_free (mc);
GNUNET_SERVICE_client_drop (mc->pc->client);
+ GNUNET_free (mc);
return;
}
if (GNUNET_NO == ret)
--
2.41.0
| ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-05-04 22:56 | ulfvonbelow | New Issue | |
| 2024-05-04 22:56 | ulfvonbelow | File Added: 0001-peerstore-fix-dereference-of-null-pointer-to-struct.patch | |
| 2024-05-05 14:20 | schanzen | Assigned To | => schanzen |
| 2024-05-05 14:20 | schanzen | Status | new => resolved |
| 2024-05-05 14:20 | schanzen | Resolution | open => fixed |
| 2024-05-05 14:20 | schanzen | Fixed in Version | => 0.21.2 |
| 2024-05-05 14:20 | schanzen | Note Added: 0022352 | |
| 2024-06-08 12:03 | schanzen | Note Added: 0022549 | |
| 2024-06-08 12:03 | schanzen | Status | resolved => closed |
