View Issue Details

ID: 0008797
Project: GNUnet
Category: peerstore
View Status: public
Last Update: 2024-06-08 12:03
Reporter: ulfvonbelow
Assigned To: schanzen
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Platform: x86-64
OS: Guix System
OS Version: a1d711c92e
Product Version: Git master
Fixed in Version: 0.21.2
Summary: 0008797: Access of member of null pointer struct (segmentation fault) in gnunet-service-peerstore
Description: This showed up in my peerstore logs:

gnunet-service-peerstore.c:807:35: runtime error: member access within null pointer of type 'struct Monitor'
AddressSanitizer:DEADLYSIGNAL
=================================================================
==14663==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x559acd130d75 bp 0x7ffee9e45e80 sp 0x7ffee9e45e10 T0)
==14663==The signal is caused by a READ memory access.
==14663==Hint: address points to the zero page.
    #0 0x559acd130d75 in monitor_iteration_next /tmp/guix-build-gnunet-0.21.1.drv-0/source/src/service/peerstore/gnunet-service-peerstore.c:807
    #1 0x7f84122c86c3 in GNUNET_SCHEDULER_do_work /tmp/guix-build-gnunet-0.21.1.drv-0/source/src/lib/util/scheduler.c:2143
    #2 0x7f84122cb969 in select_loop /tmp/guix-build-gnunet-0.21.1.drv-0/source/src/lib/util/scheduler.c:2442
    #3 0x7f84122cb969 in GNUNET_SCHEDULER_run /tmp/guix-build-gnunet-0.21.1.drv-0/source/src/lib/util/scheduler.c:743
    #4 0x7f84122dd518 in GNUNET_SERVICE_run_ /tmp/guix-build-gnunet-0.21.1.drv-0/source/src/lib/util/service.c:2107
    #5 0x559acd12cc9b in main /tmp/guix-build-gnunet-0.21.1.drv-0/source/src/service/peerstore/gnunet-service-peerstore.c:1257
    #6 0x7f8410e291f6 in __libc_start_call_main (/gnu/store/ifr3w929iq2lqgd5pxi4p88sk30n75av-glibc-2.35/lib/libc.so.6+0x291f6)
    #7 0x7f8410e292ab in __libc_start_main_alias_1 (/gnu/store/ifr3w929iq2lqgd5pxi4p88sk30n75av-glibc-2.35/lib/libc.so.6+0x292ab)
    #8 0x559acd12cec0 in _start (/gnu/store/5k8kr8zl4ngiqp66d3q41adw5m8q9p1f-gnunet-0.21.1/lib/gnunet/libexec/gnunet-service-peerstore+0x14ec0)

AddressSanitizer can not provide additional info.
Steps To Reproduce: Not completely sure, I assume this is a second-order effect caused by other conditions specific to my situation that is causing the code in question to be reached, but once it is reached, it is plainly a guaranteed segmentation fault:

if (GNUNET_SYSERR == ret)
  {
    GNUNET_free (mc->key);
    GNUNET_free (mc->sub_system);
    GNUNET_free (mc);
    GNUNET_SERVICE_client_drop (mc->pc->client); /* we literally just freed mc */
    return;
  }
Additional Information: Patch attached.
Tags: No tags attached.
Attached Files
0001-peerstore-fix-dereference-of-null-pointer-to-struct.patch (860 bytes)   
From 7efc58bb02866e84529d6c34cf66e18e426b55f0 Mon Sep 17 00:00:00 2001
From: ulfvonbelow <striness@tilde.club>
Date: Sat, 4 May 2024 15:34:44 -0500
Subject: [PATCH] peerstore: fix dereference of null pointer to struct.

---
 src/service/peerstore/gnunet-service-peerstore.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/service/peerstore/gnunet-service-peerstore.c b/src/service/peerstore/gnunet-service-peerstore.c
index 214f9f9ba..5d0f037a1 100644
--- a/src/service/peerstore/gnunet-service-peerstore.c
+++ b/src/service/peerstore/gnunet-service-peerstore.c
@@ -803,8 +803,8 @@ monitor_iteration_next (void *cls)
   {
     GNUNET_free (mc->key);
     GNUNET_free (mc->sub_system);
-    GNUNET_free (mc);
     GNUNET_SERVICE_client_drop (mc->pc->client);
+    GNUNET_free (mc);
     return;
   }
   if (GNUNET_NO == ret)
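Review bot: Moving GNUNET_free (mc) below the drop is enough to stop the crash, since mc->pc is still valid when GNUNET_SERVICE_client_drop (mc->pc->client) runs, but the cleanup now depends on that ordering being preserved; a later edit that frees mc or mc->pc earlier brings the fault back. Consider capturing the client before the first free, e.g. `struct GNUNET_SERVICE_Client *client = mc->pc->client;` at the top of the block, and calling GNUNET_SERVICE_client_drop (client) after all three frees, so nothing is read through mc once teardown has started. Also worth noting in the commit message: the hunk's defect is a read through a struct that was just freed, i.e. a use-after-free, which the sanitizer surfaced as a null member access (consistent with the "member access within null pointer" report above and with GNUNET_free nulling its argument); recording the actual defect class helps anyone auditing the history.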
-- 
2.41.0
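
The teardown ordering at issue, as an added C example that is not code from the GNUnet tree or from the reporter: it models the monitor cleanup with stand-in types and helpers (struct Client, struct PeerstoreClient, struct Monitor, client_drop and make_monitor are all assumptions of this example, not GNUnet's API) and puts the crashing order next to a safe order that captures the client pointer before the first free, which is stricter than the attached patch. The XFREE macro frees and then nulls its argument; that it mirrors GNUNET_free is an assumption here, one that would explain why the sanitizer reported a null member access rather than a use of freed memory.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup */
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Example-only free macro: frees and then nulls its argument. Assumed to
 * mirror GNUNET_free; with such a macro the buggy order reads as a NULL
 * member access (as in the report) instead of a use of freed memory. */
#define XFREE(p) do { free (p); (p) = NULL; } while (0)

/* Stand-ins for the GNUnet types involved (shapes are assumptions). */
struct Client { int refs; };                       /* target of client_drop */
struct PeerstoreClient { struct Client *client; };
struct Monitor {
  char *key;
  char *sub_system;
  struct PeerstoreClient *pc;
};

/* Stand-in for GNUNET_SERVICE_client_drop: release one reference. */
static void client_drop (struct Client *c)
{
  assert (c != NULL);
  c->refs--;
}

/* Build a monitor context with owned copies of key and sub_system
 * (allocation failure aborts the example). */
static struct Monitor *make_monitor (const char *key, const char *sub_system,
                                     struct PeerstoreClient *pc)
{
  struct Monitor *mc = calloc (1, sizeof (*mc));
  if (NULL == mc) abort ();
  mc->key = strdup (key);
  mc->sub_system = strdup (sub_system);
  if (NULL == mc->key || NULL == mc->sub_system) abort ();
  mc->pc = pc;
  return mc;
}

/* The order from the bug report: mc is freed (and nulled by XFREE) and then
 * dereferenced. Never call this; it is kept only to show the faulty order. */
void teardown_buggy (struct Monitor *mc)
{
  XFREE (mc->key);
  XFREE (mc->sub_system);
  XFREE (mc);
  client_drop (mc->pc->client);   /* mc is NULL here: the reported SEGV */
}

/* Safe order: take everything needed out of mc before the first free, then
 * do the drop last, so nothing is read through mc once teardown started.
 * Returns the client's remaining reference count. */
static int teardown_fixed (struct Monitor *mc)
{
  struct Client *client = mc->pc->client;   /* capture first */
  XFREE (mc->key);
  XFREE (mc->sub_system);
  XFREE (mc);
  client_drop (client);                     /* no access through mc */
  return client->refs;
}

int main (void)
{
  struct Client c = { 1 };                  /* constructed sample client */
  struct PeerstoreClient pc = { &c };
  struct Monitor *mc = make_monitor ("peer-key", "transport", &pc);
  int refs = teardown_fixed (mc);
  printf ("client refs after teardown: %d\n", refs);
  return (0 == refs) ? 0 : 1;
}
```

Running the fixed teardown under AddressSanitizer stays clean; swapping in the buggy order reproduces the null member access from the report because XFREE has already nulled mc when mc->pc is read.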

Activities

schanzen

2024-05-05 14:20

administrator   ~0022352

applied

schanzen

2024-06-08 12:03

administrator   ~0022549

0.21.2 released

Issue History

Date Modified Username Field Change
2024-05-04 22:56 ulfvonbelow New Issue
2024-05-04 22:56 ulfvonbelow File Added: 0001-peerstore-fix-dereference-of-null-pointer-to-struct.patch
2024-05-05 14:20 schanzen Assigned To => schanzen
2024-05-05 14:20 schanzen Status new => resolved
2024-05-05 14:20 schanzen Resolution open => fixed
2024-05-05 14:20 schanzen Fixed in Version => 0.21.2
2024-05-05 14:20 schanzen Note Added: 0022352
2024-06-08 12:03 schanzen Note Added: 0022549
2024-06-08 12:03 schanzen Status resolved => closed